Simetrical wrote:
On Wed, Apr 30, 2008 at 7:48 AM, Michael Osipov ossipov@inf.fu-berlin.de wrote:
Despite the recommendations and the security team, does this team or any other group/person take any measures to assure security with testing tools, with a special test plan or functional requirements?
Hi,
Nick Jenkins has done some fuzz-testing on MediaWiki in the past. As far as I'm aware, that's about the end of specific security testing that's done on MediaWiki, at least by the developers. The rest is covered by general code review: checking new code to make sure everything is escaped properly, and looking over old code as it's being maintained.
Do you think it's worth trying to contact Nick? I know that he fuzzes JAMWiki too. Seems like he's into it.
Mike