WebsiteBaker Community Forum

WebsiteBaker => Security Announcements => Topic started by: FrankH on August 16, 2009, 08:48:25 AM

Title: Joining the WebsiteBaker Security Team
Post by: FrankH on August 16, 2009, 08:48:25 AM

Until now there have been no known successful large hacker attacks against WebsiteBaker. This might change with the increasing spreading of this wonderful CMS and with the increasing number of addons available. To help prevent successful atacks, the Security Team has the following tasks:

• Collect information about insecurities in WB code (core as well as addons).
• Ask authors to fix holes, and help them to do this if necessary. In urgent cases, and if no author of an addon is available, the team might need to proivde patches by itself.
  
• After a patch is available, inform the usership about it and about the best way to upgrade.
  
• Make an inventory about the addons on AMASP regarding their security rating and maintaining status. Mark modules accordingly.
  
• Create a document describing how to harden the WB installation.
  
• Create a document describing how to write secure addons (probably as part of a complete module primer).

As you see, there is a lot to do, so the Security Team does need some active members.
Requirements for members are:

• At least basic knowledge about web application security and about at least one part of PHP, MySQL, Apache, OS, Javascript.
  
• Ability and willpower to improve this knowledge, preferably by self studies (the internet is full of information).
  
• Some time for actively working in the team on the tasks listed above.

If you feel some interest in helping to solve one of the tasks listed above as a member of the WebsiteBaker Security Team, just fill out the form on http://start.websitebaker2.org/en/join-the-team.php and do not forget to check “Security Team” in Interests.

Thanks

Frank