May 1 Wikimedia Tech Talk June 27
What: Attack vectors & MediaWiki /// OWASP ZAP
How: Google Hangout on Air / YouTube stream + IRC for questions to the speakers.
When: Thursday, June 27, 2013, 19:30 UTC (12:30 PDT), 60 minutes
  • Physical space: Wikimedia Foundation Inc., 149 New Montgomery Street, 3rd Floor, San Francisco, CA 94105, USA, 6th floor SF office, "Collab" space
  • IRC: #wikimedia-dev
  • YouTube stream
Food: Brown bag - bring your own
Facilitators: tbc

Attack vectors & MediaWiki

Mike Gagnon is an independent security researcher and a software engineer at Twitter. He's been doing research on defending against algorithmic complexity attacks. He and Ivan Balepin have a report coming out that analyzes attack vectors in a few popular open source applications, one of which is MediaWiki. They're interested in presenting their findings.

Collateral: YouTube Video (go to 0:27) | Slides

For further background on software security, check Manual:Security.


Adam Baso talked about OWASP Zed Attack Proxy (ZAP), a web application penetration testing tool.

Collateral: YouTube Video (go to 32:06) | Slides | Google Drive Presentation

OWASP ZAP Demo Slides