Security Analysis on Processwire CMS

[neildaemond]

Hey Ya'll,

Just for fun, I'm going to do a Security Analysis on Processwire by following the principles in Hacking Exposed 3 - Web Applications. I think It'll be nice to show my clients a final summary to help reassure them how secure things are, while giving me some credibility for being security conscious~

Anyways, I'm kind of busy these days, so it won't be updated too often, and of course I'll let The PW team fix any issues prior to releasing any security holes.

BUT, if your interested, the feel free to subscribe to the RSS feed for this topic.. otherwise you can find it here:

http://neilpahl.com/logs/security-projects-public/processwire-cms-security-analysis/

if there is any interest, I'll make an email subscription available for this topic feed~

Let me know if there is any specific area you feel the security should be looked at more closely...

Cheers,

[ryan]

Thanks for taking the time to do this testing Neil. I look forward to seeing the results and learning any ways we can make it even more secure. I've put a lot of focus and effort into the security of ProcessWire and think (hope!) we will score well. I'm not aware of any others that have run a comprehensive security analysis like you, so am very interested. If you find any concerns you want to review with me before posting, PM me here or email ryan at this domain name. Security is one of my favorite topics when it comes to web apps, so very happy to hear about this.

[teppo]

@neildaemond, that sounds like a very interesting topic! Please keep us posted here about your progress, would love to hear more about this

[SiNNuT]

Nice Neil, i will follow your work with interest.

[neildaemond]

Its nice to know there will be some interest... it will also be my pleasure.

But, seriously don't expect anything very soon or too frequent~