Security of Community Developed and 3rd party Wiki Plug-ins

From WikiSym 2008

Jump to: navigation, search

Andy Webber, Oracle;

Wednesday, September 10, 13:30-15:00 @ Papers Auditorium (B001)


Research Paper

Abstract

This paper discusses the significant security vulnerabilities that can occur in community developed wiki plug-ins and issues associated with managing the process of getting them remidiated. General guidance is given on how the vulnerabilities can be detected and rectified.

The basis for the paper is direct experience with a number of community developed plug-ins for the DokuWiki wiki, although the findings are likely to be transferable to other wikis and indeed to other web based applications that support a plug-in framework.

Keywords: plugins, cross site scripting, security, responsible disclosure

Paper: http://www.wikisym.org/ws2008/proceedings/research%20papers/18500009.pdf

Presentation slides: security.pdf

Discussion

You can discuss this paper by editing this page or the talk page.

News
See the photos of WikiSym2008
Take a look at the official photos of WikiSym2008. You have photos of your own? Add yours to the pile!.
Are you in the mosaic?
Show us who you are. Put your photo on the participants mosaic.

  Conference Pocket Guide

Conference Program
2008-08-22
A detailed version of the Conference Program is now almost closed. However, the OpenSpace program is still open, waiting for you to contribute to it, whether before or during the conference. Add your session!!  More...
WikiWalk
join now!
Keynote and Invited speakers
2008-06-15
George P. Landow
Professor of Art and History at Brown University               More...
Stewart Nickolas
IBM Emerging Technologies
Dan Ingalls
Sun Microsystems Laboratories
Local Information
automatically updated
Poster / Badge
FEUP / UPORTO