|
|
| (4 intermediate revisions by the same user not shown) |
| Line 73: |
Line 73: |
| ==== Diagram ==== | | ==== Diagram ==== |
| [https://wiki.mozilla.org/Apps/ID_and_Payments#Developer_Registration_Data_Flow_Diagram DataFlow Diagrams] | | [https://wiki.mozilla.org/Apps/ID_and_Payments#Developer_Registration_Data_Flow_Diagram DataFlow Diagrams] |
| | |
| | ==== Data Type Definition ==== |
| | [https://wiki.mozilla.org/Apps/ID_and_Payments#Developer_Registration_Data_Types Data Types] |
|
| |
|
| == Stage 2: Design == | | == Stage 2: Design == |
| Line 89: |
Line 92: |
| | align="center" style="background:#f0f0f0;"|'''Notes''' | | | align="center" style="background:#f0f0f0;"|'''Notes''' |
| |- | | |- |
| | 1||Compromise Paypal API Key||The Paypal API key is used for communication with paypal and identifies Mozilla. If this key is leaked, it is possible to impersonate Mozilla to Paypal.||Separation of payment systems from the rest of AMO. Incident response process to include communication with payal to disable API key. Proper CEF logging key.||Skilled Attacker||12||3||4 – Reputation|| | | | 1|||||||||||||||| |
| |- | | |- |
| | 2||Compromise AMO database||Currently, customer's paypal information resides in the AMO database. If the AMO database is compromised this would include paypal information.||Separation of payment data from the rest of AMO. Incident response process to include communication with payal to disable pre-auth keys. Proper CEF logging key.||Skilled Attacker||12||3||4 – Reputation||for an actual compromise, this would require the paypal API key as well. | | | 2|||||||||||||||| |
| |- | | |- |
| | 3||malicious access to apps device ||If a phone is stolen or given to a friend/family member, it is possible for that person to make purchases.||A PIN is to be implemented that is required for purchases and in-app purchases. CEF logging on transactions to track excessive purchases. Incident response to deal wiht stolen phone.||Malicious User||12||3||4 – Reputation||In other systems (i.e. iOS, this i a configured parameter. | | | 3|||||||||||||||| |
| |- | | |- |
| | 4||Malicious extension could steal browserid credentials ||A rogue extension could possibly steal credentials or cause transactions to happen.||A PIN is to be implemented that is required for purchases and in-app purchases. CEF logging on transactions to track excessive purchases. Incident response to deal with stolen credentials.||Malicious Developer||12||3||4 – Reputation||It is not possible to siphon funds to any paypal account. Must be registered with marketplace. | | | 4|||||||||||||||| |
| |- | | |- |
| | 5||Malicious App creates fake iframe ||An app could create an iframe in order to overlay a purchase iframe. ||A PIN is to be implemented that is required for purchases and in-app purchases. CEF logging on transactions to track excessive purchases. Incident response to deal with stolen credentials. Paypal account shows all purchases. ||Malicious App||12||3||4 – Reputation|| | | | 5|||||||||||||||| |
| |- | | |- |
| | 6||Malicious App creates fake iframe ||An app could create an iframe in order to overlay a purchase iframe. ||A PIN is to be implemented that is required for purchases and in-app purchases. CEF logging on transactions to track excessive purchases. Incident response to deal with stolen credentials. Paypal account shows all purchases. ||Malicious App||12||3||4 – Reputation|| | | | 6|||||||||||||||| |
| |- | | |- |
| | 7||XSS vuln could allow malicious user to force purchase ||If a XSS is found in the marketplace, this could be used to force a purchase. ||A PIN is to be implemented that is required for purchases and in-app purchases. enable CSP on the marketplace site. CEF logging on transactions to track excessive purchases. Incident response to deal with stolen credentials. Paypal account shows all purchases. ||Malicious App||12||3||4 – Reputation|| | | | 7|||||||||||||||| |
| |- | | |- |
| | 8||CSRF could force purchase. ||If a XSS is found in the marketplace, this could be used to force a purchase. ||A PIN is to be implemented that is required for purchases and in-app purchases. enable CSRF protection token on the marketplace site. CEF logging on transactions to track excessive purchases. Incident response to deal with stolen credentials. Paypal account shows all purchases. ||Malicious App||12||3||4 – Reputation|| | | | 8|||||||||||||||| |
| |- | | |- |
| |} | | |} |
| Line 194: |
Line 197: |
|
| |
|
| === Critical Security Requirements === | | === Critical Security Requirements === |
| PIN required for purchases and in-app purchases. https://bugzilla.mozilla.org/show_bug.cgi?id=759021
| | Sensitive Bank information must go through Solitude. |
| | |
| Move paypal process to independent servers. https://bugzilla.mozilla.org/show_bug.cgi?id=759055
| |
| | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=759058
| |
| | |
| temporarily encrypt pre-auth key: https://bugzilla.mozilla.org/show_bug.cgi?id=717444
| |
|
| |
|
| == Stage 4: Development == | | == Stage 4: Development == |