Grant temporary access to web-based Data Engineering tools to Bishop Fox
We have retained the services of Bishop Fox to carry out a number of pentesting and other application security testing activities.
Part of their remit includes assessing the following seven web-based tools that are managed by the Data-Engineering team:
In order to carry out their assessment, they will need to be provided with working login credentials for the applications (including our SSO environment).
They will not be granted production shell access, nor membership of any POSIX groups such as analytics-privatedata-users.
These access tokens must be time-limited to the period of engagement, which is currently: 12th of June 2023
The resources required are:
- A Wikimedia Developer Account for each individual in the third-party organisation who requires access.
- Membership of the nda LDAP group for each of these accounts.
- A discrete user account in Matomo for each individual who requires access.
Contacts within WMF
The individuals within WMF who are responsible for the hybrid application assessment are:
According to the WMF-Legal team, Bishop Fox has signed an NDA equivalent to L2.