(Created page with "Note: This document is maintained on the internal mana website at the following [https://mana.mozilla.org/wiki/display/INFRASEC/Wordpress+Enhancements+Security+Review+Process lin...") |
No edit summary |
(One intermediate revision by one other user not shown) | |||
Line 8: | Line 8: | ||
* A mozillian finds/creates a new theme or plugin | * A mozillian finds/creates a new theme or plugin | ||
* The Mozillian files a security review request for review of the theme/plugin | * The Mozillian files a [https://wiki.mozilla.org/WebAppSec/Security_Review_Request security review request] for review of the theme/plugin | ||
* Infrasec reviews the theme for security issues | * Infrasec reviews the theme for security issues | ||
* IT installs the theme *after* Infrasec okays it | * IT installs the theme *after* Infrasec okays it | ||
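Review bot: The third and fourth bullets still say only "the theme" ("Infrasec reviews the theme for security issues", "IT installs the theme *after* Infrasec okays it"), while the first two bullets cover a theme or plugin. Reword both to "theme/plugin" so it is explicit that plugins are gated by the same review before IT installs them. The first bullet's "mozillian" should also be capitalized to match "Mozillian" in the second.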
Line 20: | Line 20: | ||
A surprising large number of cross site scripting vulnerabilities have been found within wordpress themes and plugins. This kind of vulnerability could allow an attacker to compromise users visiting the wordpress site, steal admin wordpress credentials or even rewrite the entire page. | A surprising large number of cross site scripting vulnerabilities have been found within wordpress themes and plugins. This kind of vulnerability could allow an attacker to compromise users visiting the wordpress site, steal admin wordpress credentials or even rewrite the entire page. | ||
=The Review Process= | |||
Please view our Security Review Process Wiki page here: https://wiki.mozilla.org/Security/ReviewProcess#WordPress_Plugin_Review_Process |
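Review bot: The line added under "=The Review Process=" uses a bare URL, while the link added at Line 8 uses the labelled external-link form; use the labelled form here as well so the page is consistent. The page's creation note says the document is maintained on the internal mana site, and this line points readers to a second wiki page, so state which location is authoritative for the review steps. In the unchanged paragraph above it, "A surprising large number" should read "A surprisingly large number".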