From WikiSym 2008
We discussed what we mean by wiki security and what we needed of it. A summary of the issues is:
We also discussed briefly how to test for security issues.
Alex (User:Kensanata) argued against Big Brother solutions and explained his spam fighting strategy: The idea is to always spend less time on it than the spammer. Always. If spammers drag you into an arms race, you just invest the minimal amount of energy to solve the problem. Avoid burnout at all cost.
See also Research Paper Security of Community Developed and 3rd party Wiki Plug-ins.
Access control is not considered to be "the wiki way" but it is generally required in corporate environments. Examples of desired access control included:
All software has bugs, and some of the bugs will be "security" bugs or vulnerabilities. Note that certain types of vulnerabilities will undermine access control (see above) and may compromise information (see below).
One question was "how to test for security bugs?". The following two books are quite useful for anyone wanting to do security testing of software (no relationship to the authors or publishers; the links are not sponsored referrals).
Book: The Art of Software Security Testing
This book is useful for someone who is used to testing software (e.g. QA testing) and wishes to extend their range of testing to include testing for security issues. The emphasis is on testing rather than analysing code (see below for that).
Book: The Art of Software Security Assessment
This is a large and reasonably comprehensive text; it is not for the faint-hearted. The text covers in some detail the types of coding errors that result in security vulnerabilities; some of these cases are very esoteric, so this is not a book for beginners. However, the approach of the book is targeted at people who write and/or review code; for such people this is a far more comprehensive book than the one above.
Regulations like HIPAA, PCI, etc. require that certain types of information are afforded certain types of protection. Wikis (and in particular application wikis) make it very easy for a user to enter data that is not adequately protected by the wiki. This is likely to require user education about the type of data that they handle, rather than a technological solution.