Hi,
Not a web application security scanner, but on a related note, I am currently experimenting with using static analysis to detect flaws in MediaWiki extensions - https://github.com/wikimedia/Phan-Taint-Check-Plugin . It is still rather experimental (And has some annoying dependency requirements that I need to fix), but perhaps it would be helpful to you.
I'd be very interested in hearing about any successes you have with security scanning tools.
-- Brian
On Tue, Feb 13, 2018 at 1:56 PM, Evans, Richard K. (GRC-H000) richard.k.evans@nasa.gov wrote:
As I am advocating for increased adoption of Mediawiki in my organization, they have asked me if there are any pre-existing Web Application Security Scanners for Mediawiki. They mentioned "Netsparker" as an example of a web application security scanning tool that they use already and asked me if I knew if it was adequate for Mediawiki.. I did not know. So I thought I'd ask here if the Mediawiki Dev. community has any recommendations for web application security scanning tools that are known to work well for Mediawiki sites.
Does anyone run a Mediawiki site that is audited a Web Application Security Scanner tool? If so, I'd love to hear from you.
Thanks, -Rich
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l