[MediaWiki-l] Web application security scanner for Mediawiki?


[MediaWiki-l] Web application security scanner for Mediawiki?

rkevans
As I am advocating for increased adoption of Mediawiki in my organization, they have asked me if there are any pre-existing Web Application Security Scanners for Mediawiki. They mentioned "Netsparker" as an example of a web application security scanning tool that they use already and asked me if I knew if it was adequate for Mediawiki. I did not know. So I thought I'd ask here if the Mediawiki Dev. community has any recommendations for web application security scanning tools that are known to work well for Mediawiki sites.

Does anyone run a Mediawiki site that is audited by a Web Application Security Scanner tool? If so, I'd love to hear from you.

Thanks,
-Rich

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Re: Web application security scanner for Mediawiki?

Brian Wolff
Hi,

Not a web application security scanner, but on a related note, I am
currently experimenting with using static analysis to detect flaws in
MediaWiki extensions -
https://github.com/wikimedia/Phan-Taint-Check-Plugin . It is still
rather experimental (And has some annoying dependency requirements
that I need to fix), but perhaps it would be helpful to you.

I'd be very interested in hearing about any successes you have with
security scanning tools.

--
Brian

On Tue, Feb 13, 2018 at 1:56 PM, Evans, Richard K. (GRC-H000)
<[hidden email]> wrote:

> As I am advocating for increased adoption of Mediawiki in my organization, they have asked me if there are any pre-existing Web Application Security Scanners for Mediawiki. They mentioned "Netsparker" as an example of a web application security scanning tool that they use already and asked me if I knew if it was adequate for Mediawiki. I did not know. So I thought I'd ask here if the Mediawiki Dev. community has any recommendations for web application security scanning tools that are known to work well for Mediawiki sites.
>
> Does anyone run a Mediawiki site that is audited by a Web Application Security Scanner tool? If so, I'd love to hear from you.
>
> Thanks,
> -Rich


Re: Web application security scanner for Mediawiki?

rkevans
Hi Brian,

The Phan-Taint-Check-Plugin looks great. I'll look into using it when I'm considering new extensions. Thanks! I have had some private responses regarding the security scanning that have named tools such as MVM, Nessus, and Acunetix. All new words to me. I'll continue to keep this thread updated with what I learn as I learn it. But please, if anyone reading this has any insight about application security scanning tools... please weigh in.

-Rich


-----Original Message-----
From: MediaWiki-l [mailto:[hidden email]] On Behalf Of Brian Wolff
Sent: Tuesday, February 13, 2018 9:50 AM
To: MediaWiki announcements and site admin list
Subject: Re: [MediaWiki-l] Web application security scanner for Mediawiki?

Hi,

Not a web application security scanner, but on a related note, I am currently experimenting with using static analysis to detect flaws in MediaWiki extensions - https://github.com/wikimedia/Phan-Taint-Check-Plugin . It is still rather experimental (And has some annoying dependency requirements that I need to fix), but perhaps it would be helpful to you.

I'd be very interested in hearing about any successes you have with security scanning tools.

--
Brian

On Tue, Feb 13, 2018 at 1:56 PM, Evans, Richard K. (GRC-H000) <[hidden email]> wrote:

> As I am advocating for increased adoption of Mediawiki in my organization, they have asked me if there are any pre-existing Web Application Security Scanners for Mediawiki. They mentioned "Netsparker" as an example of a web application security scanning tool that they use already and asked me if I knew if it was adequate for Mediawiki. I did not know. So I thought I'd ask here if the Mediawiki Dev. community has any recommendations for web application security scanning tools that are known to work well for Mediawiki sites.
>
> Does anyone run a Mediawiki site that is audited by a Web Application Security Scanner tool? If so, I'd love to hear from you.
>
> Thanks,
> -Rich