On Fri, 30 Mar 2012 06:14:13 +0200, Andreas Haerter wrote:
Hi, I just created <http://www.dokuwiki.org/devel:security_audit>. Feel free to help improving the page. :-)
Hello DokuWiki Team!

I think having this Security Audit is a really great idea. I was a bit shocked by the price tag. Hopefully you will find some sponsors.
Just as a suggestion/alternative: You could also organize a "DokuWiki Hack Competition" and propose a prize for the winner.
- Set up a default DokuWiki installation
- Let people try to hack it
- Maybe set up some challenges: Try to get the admin password. Change the content of a page that you would normally not be allowed to. etc.
- Of course hackers may only use security flaws within DokuWiki itself. (Any bugs in the webserver are not allowed. That would be cheating)
IMHO if you publish this in the right forums and propose say 100€ for the winner, you might hopefully get some experienced "white hacker" to do some work.
Robert

Did you already know this? I don't know if this is still current. Just found it:
http://www.cvedetails.com/vulnerability-list/vendor_id-9794/Dokuwiki.html

--
DokuWiki mailing list - more info at http://www.dokuwiki.org/mailinglist