I'm planning to host a session at the hackathon for web-application security training. It will be especially aimed at MediaWiki extension developers and gadget developers. There will also be a question/answer portion where people can ask any web application security questions they might have. The session will hopefully be interactive, and participants are welcome to ask for specific topics to be covered (as long as it has to do with web application security).
This session will show you how to make your extensions & gadgets secure and what things to watch out for.
Rough topics covered (not final version):
- What does it mean to be secure
- Common attacks
- SQLi (For MW extensions)
- XSS (Both from a MW extension (PHP) perspective and from a gadget (JS) perspective)
- Privacy considerations (external images and what not)
- [Depending on time] CSRF
- Public YouTube stream on MediaWiki channel: https://www.youtube.com/watch?v=1SBPPDr59dw