Please fill in the PenTest information required:
- We strongly recommend carrying out the penetration test on your staging environment. Please also fully back up your data before the test.
- Please use HTTPS and make sure the URL is accessible. We will reject applications with an invalid test URL.
- Please provide 2 test accounts from different user roles or user groups. For example:
  - Provide 1 test account from the normal user role and 1 test account from the admin role.
  - Provide 1 test account from seller A and 1 test account from seller B.
- Please read the "Authorization" notice carefully and authorize Lazada to carry out security testing on the test application URL with the test credentials.
- If your application has been tested within the past 3 months by a third-party tester, please attach the test report in the form. We will verify whether the report's test scope and methodology fulfill our requirements and, if so, pass the Pentest step based on the report.
- Please click here for our Penetration Test methodology details.
Initial PenTest Scheduling:
- Tests are scheduled on a first-come, first-served basis.
- The initial test will be completed in 1 day to 3 weeks.
- If any vulnerability is reported, this step will be marked as "Not Pass" with feedback provided in the "Problems and fix suggestions" section.
- You will be notified of vulnerabilities through the Message Center as well as by email, and details are listed under Vulnerability Management on the DataMoat Console. Log in to https://open.lazada.com/ > APP Console > DataMoat > Security Operation > Vulnerability Management (or click here).
- Please read through the vulnerabilities and recommendations. Once all the vulnerabilities are fixed, please submit the updated test information again. This step will be repeated until all the reported vulnerabilities are cleared.
PenTest Re-test Scheduling:
- A re-test typically takes 1-5 working days for the first 2 rounds of re-test.
- From the 3rd round of re-test onward, an additional 1-month delay will be added to the re-test start date.
- Please raise a LazOP ticket under the "security testing" category for technical support if you need any help fixing the vulnerabilities.
FAQ
There are no FAQs for this document yet.