Welcome, Guest. Please login or register.
Did you miss your activation email?
May 25, 2012, 03:36:56 PM

Login with username, password and session length
Search:     Advanced search
Wollen Sie dem WebsiteBaker Team beitreten?
Nähere Informationen finden Sie unter hier und auf unserer neuen Webseite.
155508 Posts in 21711 Topics by 7737 Members
Latest Member: simpleguy
* Home Help Search Login Register
Pages: [1]   Go Down
Print
Author Topic: Joining the WebsiteBaker Security Team  (Read 3128 times)
FrankH

Offline Offline

Posts: 735


WWW
« on: August 16, 2009, 07:48:25 AM »
Until now there have been no known successful large hacker attacks against websitebaker. This might change with the increasing spreading of this wonderful CMS and with the increasing number of addons available. To help prevent successful atacks, the Security Team has the following tasks:
  • Collect information about insecurities in WB code (core as well as addons).
  • Ask authors to fix holes, and help them to do this if necessary. In urgent cases, and if no author of an addon is available, the team might need to proivde patches by itself.
  • After a patch is available, inform the usership about it and about the best way to upgrade.
  • Make an inventory about the addons on AMASP regarding their security rating and maintaining status. Mark modules accordingly.
  • Create a document describing how to harden the WB installation.
  • Create a document describing how to write secure addons (probably as part of a complete module primer).

As you see, there is a lot to do, so the Security Team does need some active members.
Requirements for members are:
  • At least basic knowledge about web application security and about at least one part of PHP, MySQL, Apache, OS, Javascript.
  • Ability and willpower to improve this knowledge, preferably by self studies (the internet is full of information).
  • Some time for actively working in the team on the tasks listed above.

If you feel some interest in helping to solve one of the tasks listed above as a member of the WebsiteBaker Security Team, just fill out the form on http://start.websitebaker2.org/en/join-the-team.php and do not forget to check “Security Team” in Interests.

Thanks

Frank
« Last Edit: August 16, 2009, 06:48:10 PM by FrankH » Logged
Ochs und Esel in ihrem Lauf
halt ich leider auch nicht auf
Waldschwein
Guest
« Reply #1 on: August 16, 2009, 10:31:06 AM »
Hello!

Of course it sounds very good, but please keep in mind: There is no "official" way how security holes etc. could be reported. Yes there is the trac everybody could see and post, but WebsiteBaker should have a "closed" security reporting system (not really the PM, the forum PM is quite good but not for reporting things because mostly the person that should have the information doesn't get the PM) where either the mod / core author and (or just) the Security Team should have access. Dealing with security issues all over the forum, emails, trac system and forum PMs is not really an evicient way.

Just my thoughts...

Michael
Logged
kweitzel
Forum administrator
*****
Offline Offline

Posts: 6975


WWW
« Reply #2 on: August 16, 2009, 11:20:47 AM »
Hi Michael,

thanks for your thought, we are actually working on this one as well.

cheers

Klaus
Logged
WebsiteBaker Org e.V. - for WebsiteBaker
Pages: [1]   Go Up
Print
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines Valid XHTML 1.0! Valid CSS!
Impressum & Datenschutz | powered by WebsiteBaker. ©2004–2010 by Website Baker Org e.V. , all rights reserved | Legal Notice & Privacy Policy