Security/Reviews/AppsProject: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
m (→MarketPlace) |
||
| Line 196: | Line 196: | ||
| Raymond Forbes | | Raymond Forbes | ||
| | | | ||
| | | [https://github.com/mozilla/apps-payment-server/blob/master/DESIGN.md link] | ||
| | | | ||
| | | | ||
Revision as of 18:34, 22 December 2011
Component Tracking
Firefox
| Component | Security Resource | Next Milestone | Project Page | Data Flow Diagrams | Threat Model | Security Code Review Bug | Security Review | Status (At Risk | On Track) | Security Approved For Beta Launch? |
| Firefox | |||||||||
| Mobile App API | |||||||||
| Desktop App API | |||||||||
| Desktop App Extension | data flow | ||||||||
| B2G API |
WebRT
| Component | Security Resource | Next Milestone | Project Page | Data Flow Diagrams | Threat Model | Security Code Review Bug | Security Review | Status (At Risk | On Track) | Security Approved For Beta Launch? |
| Mobile Firefox "App Mode" | |||||||||
| Desktop Firefox "App Mode" | |||||||||
| Android Soup | |||||||||
| Desktop XUL App | |||||||||
| Windows Launcher | |||||||||
| Mac Launcher | |||||||||
| Linux Launcher | |||||||||
| HTML5 dashboard |
MarketPlace
| Component | Security Resource | Next Milestone | Project Page | Data Flow Diagrams | Threat Model | Security Code Review Bug | Security Review | Status (At Risk | On Track) | Security Approved For Beta Launch? |
| App display-and-install flow | Raymond Forbes | link | |||||||
| App purchase flow | Raymond Forbes | link | link | link | link | ||||
| In App purchase flow | Raymond Forbes | link | |||||||
| Refund/Chargeback Process | Raymond Forbes | ||||||||
| App receipt generation | Raymond Forbes | ||||||||
| App receipt verification | Raymond Forbes |
Sync
| Component | Security Resource | Next Milestone | Project Page | Data Flow Diagrams | Threat Model | Security Code Review Bug | Security Review | Status (At Risk | On Track) | Security Approved For Beta Launch? |
| App Sync service | link | ||||||||
| Sauropod Data Storage | Pending - possible sync backend |
Identity
| Component | Security Resource | Next Milestone | Project Page | Data Flow Diagrams | Threat Model | Security Code Review Bug | Security Review | Status (At Risk | On Track) | Security Approved For Beta Launch? |
| BrowserID Authentication | |||||||||
| Native App Silent Install |
Dynamic API Security
| Component | Security Resource | Next Milestone | Project Page | Data Flow Diagrams | Threat Model | Security Code Review Bug | Security Review | Status (At Risk | On Track) | Security Approved For Beta Launch? |
| Apps API Permission Model | |||||||||
| Plan for regulating APIs based on App Status |
|||||||||
| App Review | |||||||||
| App Revocation |
Security Review Details
Data Flow Diagrams
Sequence diagrams (example) or descriptions of data movement (example)
Threat Model
Completed threat model - example
Security Code Review Bug
Bugzilla link for a security based code review of the major code involved in this component
Security Review
Link, if necessary, to a larger security review page that will track a variety of actions.
Timeline
This isn't the official progress tracker; however, the following health checks are planned:
- Data flow diagrams - Before December 25
- Threat Models - By January 15
| Component Areas | Project Page Available | ' | Spec/Plan Complete | ' | Data Flows Documented | ' | Threat Modeling | ' | Coding Complete | ' | Security Code Review Complete | ' |
| Target | Actual | Target | Actual | Target | Actual | Target | Actual | Target | Actual | Target | Actual | |
| 1.1 Firefox | 15-Dec | 27-Dec | NA | 15-Jan | 5-Feb | 15-Feb | ||||||
| 1.2 WebRT | 15-Dec | 27-Dec | 31-Dec | 15-Jan | 5-Feb | 15-Feb | ||||||
| 1.3 MarketPlace | 15-Dec | 27-Dec | 31-Dec | 15-Jan | 5-Feb | 15-Feb | ||||||
| 1.4 Sync | 15-Dec | 27-Dec | 31-Dec | 15-Jan | 5-Feb | 15-Feb | ||||||
| 1.5 Identity | 15-Dec | 27-Dec | 31-Dec | 15-Jan | 5-Feb | 15-Feb | ||||||
| 1.6 Dynamic API Security | 15-Dec | 27-Dec | 31-Dec | 15-Jan | 5-Feb | 15-Feb |