Hi Brian,
The Phan-Taint-Check-Plugin looks great. I'll look into using it when I'm considering new extensions. Thanks! I have had some private responses regarding the security scanning that have named tools such as MVM, Nessus, and Acunetix. All new words to me. I'll continue to keep this thread updated with what I learn as I learn it. But please, if anyone reading this has any insight about application security scanning tools, please weigh in.
-Rich
-----Original Message-----
From: MediaWiki-l [mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of Brian Wolff
Sent: Tuesday, February 13, 2018 9:50 AM
To: MediaWiki announcements and site admin list
Subject: Re: [MediaWiki-l] Web application security scanner for Mediawiki?
Hi,
Not a web application security scanner, but on a related note, I am currently experimenting with using static analysis to detect flaws in MediaWiki extensions - https://github.com/wikimedia/Phan-Taint-Check-Plugin . It is still rather experimental (and has some annoying dependency requirements that I need to fix), but perhaps it would be helpful to you.
I'd be very interested in hearing about any successes you have with security scanning tools.
-- Brian
On Tue, Feb 13, 2018 at 1:56 PM, Evans, Richard K. (GRC-H000) richard.k.evans@nasa.gov wrote:
As I am advocating for increased adoption of Mediawiki in my organization, they have asked me if there are any pre-existing Web Application Security Scanners for Mediawiki. They mentioned "Netsparker" as an example of a web application security scanning tool that they use already and asked me if I knew if it was adequate for Mediawiki. I did not know. So I thought I'd ask here if the Mediawiki Dev. community has any recommendations for web application security scanning tools that are known to work well for Mediawiki sites.
Does anyone run a Mediawiki site that is audited by a Web Application Security Scanner tool? If so, I'd love to hear from you.
Thanks, -Rich
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l