Hi friends!
We need ensure all service/API we release are secure. We are storing data that is worth a lot for outsiders to hack. Since we lack of necessary skill to ensure that, we engage security team to review our service/API.
So if you are planning to create a new service, be it internal or (more importantly) public, please let me know so we could review it with security team before we release. We will ask for penetration test as well.
There will be two reviews:
1) architectural review, need to be done during design phase
2) vulnerability review & penetration test, need to be done after API is created (but before release)
How to request a security review?
For now, please fill in this doc, and slack @rendybjunior
https://docs.google.com/spreadsheets/d/1AbCiBdIT50iKuNzh33ReYuCETFoEwETZUiW5trZdmcY/edit#gid=0
Hi friends!
We need ensure all service/API we release are secure. We are storing data that is worth a lot for outsiders to hack. Since we lack of necessary skill to ensure that, we engage security team to review our service/API.
So if you are planning to create a new service, be it internal or (more importantly) public, please let me know so we could review it with security team before we release. We will ask for penetration test as well.
There will be two reviews:
1) architectural review, need to be done during design phase
2) vulnerability review & penetration test, need to be done after API is created (but before release)
How to request a security review?
For now, please fill in this doc, and slack @rendybjunior
https://docs.google.com/spreadsheets/d/1AbCiBdIT50iKuNzh33ReYuCETFoEwETZUiW5trZdmcY/edit#gid=0