Security
From WikiSym 2008
Wiki Security
We discussed what we mean by wiki security and what we needed of it. A summary of the issues is:
We also discussed a little about how to test for security issues. Alex (User:Kensanata) argued against Big Brother solutions and explained his spam fighting strategy: The idea is to always spend less time on it than the spammer. Always. If spammers drag you into an arms race, you just invest the minimal amount of energy to solve the problem. Avoid burnout at all cost.

See also the research paper "Security of Community Developed and 3rd party Wiki Plug-ins".

Access Control
Access control is not considered to be "the wiki way", but it is generally required in corporate environments. Examples of desired access control included:
Bugs
All software has bugs, and some of those bugs will be "security" bugs, i.e. vulnerabilities. Note that certain types of vulnerabilities will undermine access control (see above) and may compromise information (see below). One question was "how do we test for security bugs?". The following two books are quite useful for anyone wanting to do security testing of software (no relationship to authors or publishers; links are not sponsored referrals).

Book: The Art of Software Security Testing
http://www.softwaresecuritytesting.com/
This book is useful for someone who is used to testing software (e.g. QA testing) and wishes to extend their range of testing to include testing for security issues. The emphasis is on testing rather than analysing code (see below for that).

Book: The Art of Software Security Assessment
This is a large and reasonably comprehensive text; it is not for the faint-hearted. The text covers in some detail the types of coding errors that result in security vulnerabilities; some of these cases are very esoteric, so this is not a book for beginners. However, the approach of the book is targeted at people who write and/or review code; for such people this is a far more comprehensive book than the one above.

Compliance
Regulations like HIPAA, PCI, etc. require that certain types of information are afforded certain types of protection. Wikis (and in particular application wikis) make it very easy for a user to enter data that is not adequately protected by the wiki. This is likely to require user education about the type of data that they handle, rather than a technological solution.