文档中心 > Lazada Open Platform

Access to Sensitive Data

更新时间:2022/08/01 访问次数:2927

How to access Sensitive Data  - unmasking Request


You need to go through the following procedure to request access to the sensitive data which are masked. This page describes the steps to unmask the business data which are categorized as sensitive according to the Data Classification Policy. 

 

Security process for unmasking the sensitive data consists of the following steps:

 

  1. Application Architecture Information Form 

    • Port requirement

    • Data Flow Diagram

    • Hosting environment

    • Other relevant information

  2. DataMoat Integration

    • Security requirements

    • Penetration test

  3. Vulnerability assessment

  4. Verification

 

Procedure


Apply for Unmasking Data

 

Login to https://open.lazada.com/ > APP Console > Click Manage under Action > Sensitive Data Privilege > Apply Unmask

  • The page is automatically redirected to the Data Registration App.
  • It is mandatory to complete the Datamoat security review process for requested APPKEY within 2 weeks after that any request "In Progress" status will be closed by the system and then need to request for the unmask data again from step 1.

 


Step 1. Fill in your Application Architecture Information Form 

 

Once you are in the  DataMoat Console, please fill in and submit the information about your application architecture.

  • Please use https and make sure the URL is accessible, otherwise there is a possibility that your application is rejected.
  • Please refer to Data Flow Diagram document if you are not sure what to upload

 

 

 

Step 2. Your application is being reviewed (No action required)

 

The status should now change to Under Review . Lazada will review the application form you have submitted in the previous step.

  • We are pleased to receive a large amount of interest! However, please expect a delay in our response although we are trying our best to reach out to you as soon as possible. Should you have questions, please raise a ticket to us from Contact Us .

 

 

Step 3. DataMoat Integration

 

The type of security controls depend on Step 2 review result, however, typically this step consists of : 

  • Security Requirements (password)
  • Penetration Test

 

 

Step 3.1. Security Requirements

 

This is the list of our security requirement.

  • Please state how your application is complying with each item by clicking Provide details under Requirement Compliance

 

 

 

 

 

Step 3.2.  Penetration Test 

 

Please fill in the information required for penetration testing. 

 

  • Please use https and make sure the URL is accessible, otherwise there is a possibility that your application is rejected.
  • We strongly recommend to carry out the penetration test on your staging environment. Please also have your data fully backed up before the test.
  • Once the penetration test is scheduled, an email and/or ticket notification will be sent to your registered email address or to the message center on your LAZOP console. Such notification will be sent at least 2 days prior to the test schedule. Should you have any conerns, please reply directly to our email or raise a ticket via Contact US under Security Testing category.
  • Vulnerabilities that are assessed will be notified by the Message Center as well as an email , and details are listed under Vulnerability Management  on DataMoat Console. 

Login to   https://open.lazada.com/   > APP Console > DataMoat > Security Operation > Vulnerability Management (or click  here  )

  • Please click here for our Penetration Test methodology details.
  • This step will be repeated until  all  the vulnerabilities assessed are cleared
  • Security Test typically takes up to 5 working days from the day Lazada receives adequate information to perform the test

 

 

 

 

 

 

 

 

Step 4. Final Verification (No action required)

 

You will be notified once verification is complete via an email or message center on LAZOP console.

 

 

Step 5. Complete

 

The sensitive data is now unmasked.

 

 

Any Questions? 

 

Please raise a ticket from Contact Us under Security Review question category.

 

 

 

FAQ

关于此文档暂时还没有FAQ
返回
顶部