User:CSteipp (WMF)/ISec Audit

= Setup =

Vagrant

 * Setup vagrant
 * Use 1024M memory
 * Enable roles: centralauth visualeditor pdfhandler svg parserfunctions checkuser echo flow multimediaviewer
 * Add checkuser group to Admin user

Image
(download link)

= Priorities =
 * 1) Upload, processing, and display of images/files (especially the handling of more obscure formats like svg, and Pdf/DjVu)
 * 2) Our wikitext -> html parsing in general
 * 3) * If time allows, include the lua template engine (Scribunto extension)
 * 4) VisualEditor extension
 * 5) * Focus on the frontend javascript and parsoid
 * 6) CentralAuth extension (our authentication and single sign-on extension)
 * 7) * Focus on password, session management, single sign-on and autologin protocols
 * 8) CheckUser extension (the extension that handles all of the User<->IP mapping, which we use for spam investigations mostly)
 * 9) Flow extension
 * 10) Mediaviewer
 * 11) Echo extension

In the audit, we're hoping to cover 1-6. Others extensions will be audited as time allows.