Security/Testing: Difference between revisions

no edit summary
No edit summary
Line 1: Line 1:
= Firefox Security Testing Team =
= Firefox Security Testing Team =
Security Testing, Auditing and Monitoring to keep Firefox secure
Securing Firefox through Security Testing, Auditing and Monitoring
 
Email us at security-testing@mozilla.com.
 
What are we working on? See our Trello board.
 
We can help you if you need:
- security testing of a feature you have built (or are close to building)
- in-depth security auditing


== Contact ==
== Contact ==
Email us at security-testing@mozilla.com.


To report a security issue on a given site, use the client bug bounty form [https://bugzilla.mozilla.org/form.client.bounty here].


= Activities =
 
 
To report a security issue in Firefox desktop or mobile, use the client bug bounty form [https://bugzilla.mozilla.org/form.client.bounty here].
 
= What do we do? =
==Release Security Testing==
==Release Security Testing==
Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by:
Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by:
* Residual risk highlighted by Engineering Security Review process  
* Residual risk highlighted by Engineering Security Review process  
* Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review)
* Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review)
'''[https://mzl.la/2R2Wete Task Queue]'''


== Vulnerability management and measurement ==
== Vulnerability management and measurement ==
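Review bot: The '''Task Queue''' link under "Release Security Testing" goes through an mzl.la short URL, so a reader cannot tell from the wiki source or on hover what it opens. Link the full target URL instead. In the same hunk, the bounty-form sentence uses "here" as its link text; making "client bug bounty form" the link label would read better and survive copy-paste.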
Line 21: Line 30:
* Testing of large browser features that span multiple releases (e.g. Web Payments)
* Testing of large browser features that span multiple releases (e.g. Web Payments)
* Testing of Firefox security components (e.g. Sandbox testing)
* Testing of Firefox security components (e.g. Sandbox testing)
* Testing of areas of known weakness (e.g. components receiving frequent security issues)
* Testing of areas of known weakness (e.g. components receiving frequent security issues through manual auditing, static analysis, instrumentation etc)
 
<bugzilla>
    {
        "product": "Firefox",  
        "component": "Security: Review Requests",
        "whiteboard": "audit",
        "include_fields": ["id", "summary", "whiteboard", "status", "resolution"],
        "status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"]
    }
</bugzilla>
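Review bot: In the expanded "areas of known weakness" bullet, the new text "through manual auditing, static analysis, instrumentation etc" sits inside the parenthetical, so it reads as describing how components receive security issues rather than how the testing is done. Close the parenthesis after "security issues" and move the methods outside it, for example "Testing of areas of known weakness (e.g. components receiving frequent security issues) through manual auditing, static analysis, instrumentation, etc."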