
Develop "security testing toolboxes" (PHP) for manual security reviews
Closed, Resolved | Public

Description

These are simple "toolboxes" for developers to easily run security-related tooling, mostly to capture low-hanging fruit and provide baseline analyses. These are not in any way to be thought of as capable of performing exhaustive security reviews by themselves. They are in various states of development and I've been using some of them during security reviews. The goal here is to polish these and eventually push to wikimedia/security/tooling. Currently:

Details

Related Gerrit Patches:
wikimedia/security/tooling : master - Small improvements to php-security-tools grep scripts
wikimedia/security/tooling : master - PHP-Security-Tools

Event Timeline

sbassett created this task. Apr 19 2019, 7:27 PM
Restricted Application added a subscriber: Aklapper. Apr 19 2019, 7:27 PM
sbassett triaged this task as Low priority. Apr 19 2019, 7:27 PM
sbassett updated the task description.
sbassett updated the task description.
sbassett updated the task description. Apr 19 2019, 8:12 PM
sbassett moved this task from Incoming to In Progress on the Security-Team board. Jun 11 2019, 7:24 PM
sbassett moved this task from Backlog to In Progress on the user-sbassett board.
sbassett moved this task from In Progress to Backlog on the user-sbassett board. Jul 10 2019, 9:10 PM
sbassett moved this task from Backlog to In Progress on the user-sbassett board.

Change 539205 had a related patch set uploaded (by SBassett; owner: SBassett):
[wikimedia/security/tooling@master] PHP-Security-Tools

https://gerrit.wikimedia.org/r/539205

Change 539205 merged by jenkins-bot:
[wikimedia/security/tooling@master] PHP-Security-Tools

https://gerrit.wikimedia.org/r/539205

sbassett raised the priority of this task from Low to Medium. Nov 1 2019, 6:38 PM
sbassett updated the task description.
sbassett updated the task description.
sbassett moved this task from In Progress to Postponed on the user-sbassett board. Nov 1 2019, 7:07 PM

Change 548546 had a related patch set uploaded (by SBassett; owner: SBassett):
[wikimedia/security/tooling@master] Small improvements to php-security-tools grep scripts

https://gerrit.wikimedia.org/r/548546

Change 548546 merged by jenkins-bot:
[wikimedia/security/tooling@master] Small improvements to php-security-tools grep scripts

https://gerrit.wikimedia.org/r/548546

sbassett renamed this task from Develop "security testing toolboxes" for manual security reviews, push to wikimedia/security/tooling repo to Develop "security testing toolboxes" (PHP) for manual security reviews. Tue, Nov 12, 11:13 PM
sbassett closed this task as Resolved.
sbassett updated the task description.
sbassett added a project: Security-Team.
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.