Security of Community Developed and 3rd party Wiki Plug-ins

From WikiSym 2008


Andy Webber, Oracle

Wednesday, September 10, 13:30-15:00 @ Papers Auditorium (B001)


Research Paper

Abstract

This paper discusses the significant security vulnerabilities that can occur in community developed wiki plug-ins and issues associated with managing the process of getting them remediated. General guidance is given on how the vulnerabilities can be detected and rectified.

The basis for the paper is direct experience with a number of community developed plug-ins for the DokuWiki wiki, although the findings are likely to be transferable to other wikis and indeed to other web based applications that support a plug-in framework.

Keywords: plugins, cross site scripting, security, responsible disclosure

Paper: http://www.wikisym.org/ws2008/proceedings/research%20papers/18500009.pdf

Presentation slides: security.pdf
