Hi devs,
I've been investigating MediaWiki within my Bachelor's thesis "Application of security test tools in open source" at the Free University of Berlin (FU Berlin) [1]. Basically, I am looking for security measures which have been taken to prevent security leaks/vulnerabilities, especially with security test tools.
MediaWiki is one of the most popular applications across the web. So the attack area may be quite large.
I have searched across the wiki itself, the mailing list and repo. I have noticed some things I'd like to remark:
You advise, as most projects do, to turn "register_globals" off to decrease attack possibilities [3]. A security response team [2] handles security vulnerabilities and patches them immediately. Most releases do include security fixes.
I am sure that you do anything you can to assure security.
Despite the recommendations and the security team, does this team or any other group/person take any measures to assure security with testing tools, with a special test plan or functional requirements?
Thanks in advance,
Michael
[1] https://www.inf.fu-berlin.de/w/SE/ThesisFOSSSecurityTools
[2] http://www.mediawiki.org/wiki/Security
[3] http://meta.wikimedia.org/wiki/Documentation:Security#General_PHP_recommenda...