Security/Testing: Difference between revisions
< Security
Jump to navigation
Jump to search
Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
= Firefox Security Testing Team = | = Firefox Security Testing Team = | ||
Security Testing, Auditing and Monitoring to | Securing Firefox through Security Testing, Auditing and Monitoring | ||
Email us at security-testing@mozilla.com. | |||
What are we working on? See our Trello board. | |||
We can help you if you need: | |||
- security testing of a feature you have built (or are close to building) | |||
- in-depth security auditing | |||
== Contact == | == Contact == | ||
= | |||
To report a security issue in Firefox desktop or mobile, use the client bug bounty form [https://bugzilla.mozilla.org/form.client.bounty here]. | |||
= What do we do? = | |||
==Release Security Testing== | ==Release Security Testing== | ||
Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by: | Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by: | ||
* Residual risk highlighted by Engineering Security Review process | * Residual risk highlighted by Engineering Security Review process | ||
* Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review) | * Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review) | ||
== Vulnerability management and measurement == | == Vulnerability management and measurement == | ||
| Line 21: | Line 30: | ||
* Testing of large browser features that span multiple releases (e.g. Web Payments) | * Testing of large browser features that span multiple releases (e.g. Web Payments) | ||
* Testing of Firefox security components (e.g. Sandbox testing) | * Testing of Firefox security components (e.g. Sandbox testing) | ||
* Testing of areas of known weakness (e.g. components receiving frequent security issues | * Testing of areas of known weakness (e.g. components receiving frequent security issues through manual auditing, static analysis, instrumentation etc) | ||
Revision as of 03:29, 23 April 2019
Firefox Security Testing Team
Securing Firefox through Security Testing, Auditing and Monitoring
Email us at security-testing@mozilla.com.
What are we working on? See our Trello board.
We can help you if you need:
- security testing of a feature you have built (or are close to building) - in-depth security auditing
Contact
To report a security issue in Firefox desktop or mobile, use the client bug bounty form here.
What do we do?
Release Security Testing
Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by:
- Residual risk highlighted by Engineering Security Review process
- Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review)
Vulnerability management and measurement
Security Activities in in the post-release phase - monitoring of incoming security bugs, measuring features on the web, and security maintenance activities like monitoring for security issues in dependencies.
Security Auditing Projects
Target security testing projects not tied to a specific Firefox release:
- Testing of large browser features that span multiple releases (e.g. Web Payments)
- Testing of Firefox security components (e.g. Sandbox testing)
- Testing of areas of known weakness (e.g. components receiving frequent security issues through manual auditing, static analysis, instrumentation etc)