Final Security Review
Log of the final security review conducted by the development team.
Time of conduct: November 29, 2020, 23:20
Verifying against Quality Gates
Verifying using the results of Testing the Native Component.
We concluded that the component passes the code quality gate, which states:
- The maintainability rating of the component, as determined by the static analysis tools, is not worse than A (the technical debt ratio is below 5.0%)
- The reliability rating of the component, as determined by the static analysis tools, is not worse than A (no bugs detected)
- The security rating of the component, as determined by the static analysis tools, is not worse than A (no vulnerabilities detected)
- All security hotspots in the component found by the static analysis tools have been reviewed
We concluded that the component passes its tests, and that the tests cover the different functional and security requirements. During testing, fuzzing identified no issues, valgrind identified no memory-handling issues, and formal verification identified no issues.
Verifying using the results of Testing the Server Endpoints.
We concluded that the component passes the code quality gate, which states:
- The maintainability rating of the component, as determined by the static analysis tools, is not worse than A (the technical debt ratio is below 5.0%)
- The reliability rating of the component, as determined by the static analysis tools, is not worse than A (no bugs detected)
- The security rating of the component, as determined by the static analysis tools, is not worse than A (no vulnerabilities detected)
- All security hotspots in the component found by the static analysis tools have been reviewed
We concluded that the component passes the functional and security tests. Penetration testing of the endpoints with sqlmap identified no issues.
Verifying using the results of Testing the Android Application.
We concluded that the component passes the code quality gate, which states:
- The maintainability rating of the component, as determined by the static analysis tools, is not worse than A (the technical debt ratio is below 5.0%)
- The reliability rating of the component, as determined by the static analysis tools, is not worse than A (no bugs detected)
- The security rating of the component, as determined by the static analysis tools, is not worse than A (no vulnerabilities detected)
- All security hotspots in the component found by the static analysis tools have been reviewed
We concluded that penetration testing with Dozer identified no issues.
All components pass the quality gate, so the software is ready for release.
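As an added illustration (not a script from the project itself), the four gate conditions used in this review can be evaluated automatically against SonarQube-style measures for each component. The measure field names, the letter bands for ratings B to E, and the sample figures below are assumptions and constructed data, not values from the project's actual analysis.

```python
"""Quality-gate check for a final security review.

Added example, not the project's own tooling. It evaluates the four gate
conditions from this review against SonarQube-style measures; the field
names, the B-E rating bands and the sample values are assumptions and
constructed data, not figures from the project's analysis.
"""
from dataclasses import dataclass
from typing import List

DEBT_RATIO_LIMIT = 5.0  # percent; the gate requires a ratio below this for rating A


@dataclass
class ComponentMeasures:
    name: str
    debt_ratio: float        # technical debt ratio in percent (assumed: sqale_debt_ratio)
    bugs: int                # reliability issues detected
    vulnerabilities: int     # security issues detected
    hotspots: int            # security hotspots found
    hotspots_reviewed: int   # of those, how many have been reviewed


def maintainability_rating(debt_ratio: float) -> str:
    """Map the debt ratio to a letter rating. A uses the review's own rule
    (ratio below 5.0%); the B-E bands are assumed and only shown for context."""
    if debt_ratio < DEBT_RATIO_LIMIT:
        return "A"
    if debt_ratio <= 10.0:
        return "B"
    if debt_ratio <= 20.0:
        return "C"
    if debt_ratio <= 50.0:
        return "D"
    return "E"


def failed_conditions(m: ComponentMeasures) -> List[str]:
    """Return the gate conditions the component fails (empty list means the gate passed)."""
    failures = []
    rating = maintainability_rating(m.debt_ratio)
    if rating != "A":
        failures.append(f"maintainability rating {rating} (debt ratio {m.debt_ratio:.1f}%)")
    if m.bugs > 0:
        failures.append(f"reliability: {m.bugs} bug(s) detected")
    if m.vulnerabilities > 0:
        failures.append(f"security: {m.vulnerabilities} vulnerability(ies) detected")
    if m.hotspots_reviewed < m.hotspots:
        failures.append(
            f"security hotspots: {m.hotspots - m.hotspots_reviewed} of {m.hotspots} not reviewed"
        )
    return failures


def release_ready(components: List[ComponentMeasures]) -> bool:
    """The software is ready for release only if every component passes the gate."""
    return all(not failed_conditions(c) for c in components)


# Constructed sample measures for the three components; passing values.
SAMPLE_COMPONENTS = [
    ComponentMeasures("native", debt_ratio=1.2, bugs=0, vulnerabilities=0,
                      hotspots=3, hotspots_reviewed=3),
    ComponentMeasures("server", debt_ratio=0.8, bugs=0, vulnerabilities=0,
                      hotspots=5, hotspots_reviewed=5),
    ComponentMeasures("android", debt_ratio=2.4, bugs=0, vulnerabilities=0,
                      hotspots=2, hotspots_reviewed=2),
]

# A constructed failing case, to show the gate actually rejects something:
# debt ratio above the limit, open bugs, and unreviewed hotspots.
FAILING_COMPONENT = ComponentMeasures("server-old", debt_ratio=7.0, bugs=2,
                                      vulnerabilities=0, hotspots=4, hotspots_reviewed=1)

if __name__ == "__main__":
    for c in SAMPLE_COMPONENTS + [FAILING_COMPONENT]:
        f = failed_conditions(c)
        print(f"{c.name}: {'PASS' if not f else 'FAIL'} {f}")
    print("release ready:", release_ready(SAMPLE_COMPONENTS))
```

The unreviewed-hotspot condition is the one most easily missed by hand: a hotspot is not a vulnerability, so it does not lower the security rating, and only the explicit review count catches it.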
© Grotesque Gecko, 2020