Schedule: https://docs.google.com/spreadsheets/d/1ABb68I7LHtG2fIh2CiMAMC_L45QUVfqP0bJfqkqW0NM/edit#gid=0
Log into Pantheon dashboard https://dashboard.pantheon.io/
Select the site you want:
Change to test:
Choose button “Visit Test Site”
Go to the admin dashboard “/wp/wp-admin/”
** Go to WPForms and select individually (there is no bulk action for these)
Left side menu, click on “Settings”, then “Notifications”
Change dropdown box to Off, then click save
Go back to the dashboard, use the back arrow
Click “Contacts”
Click the checkbox next to “Title” to select all the contacts
Next steps 1. Change the Bulk Actions dropdown to “Edit” and 2. click “Apply”
3. Change to dropdown to “Draft” and 4. Click the “Update” button in the lower right corner of the above box
Notify partners of upcoming scan:
Pantheon: click the support button, then pick "Chat".
Let them know that you are requesting a security scan on giving test or alumni test and you will get a response granting you permission to do so.
Reactiv: In Asana
Pick the red project, and under More, conversations:
Give the conversation a title, write your message and make sure that Tina and Nick are notified.
Request the security scan:
You are now ready to email your request for the scan to security-services@cornell.edu and include the URL for the site you want scanned.
For example: https://test-cornell-giving.pantheonsite.io/ or https://test-cornell-alumni.pantheonsite.io/
Re-scans are also sent to security-services@cornell.edu
When security scans show no medium or high vulnerabilities:
Move the zipped reports into the box security scan folder https://cornell.app.box.com/folder/102259894267?s=jeekdk83wpvrwe9daeu3aniyvlg9v70s
in the appropriate year folder and update the Vulnerability scan schedule https://docs.google.com/spreadsheets/d/1ABb68I7LHtG2fIh2CiMAMC_L45QUVfqP0bJfqkqW0NM/edit#gid=0
Last step:
** Finally you need to go back into WPForms and Contacts to set everything back.