User:CSteipp

From MediaWiki.org
Jump to: navigation, search


Chris Steipp
Software Security Engineer, Wikimedia Foundation
Prevent, Detect, Respond.
Steipp, Chris 4.11.2013.jpg

About me

Early on in life, I fell in love with seeing the mathematics that underpin modern cryptographic systems, and a certain beauty of those systems. I studied security in school, ending with an MSc from Royal Holloway (you can blame them for Lucky 13, among other things). My thesis was on trust in anonymity networks, because it was a difficult enough problem to keep me interested. I've been working in the information security industry since. Unlike most members of the platform team, I was not involved in the community before the foundation hired me, although I've had a passion for open source and openness in security throughout my career. Working for the foundation has given me a new window into what security can look like in open and transparent organizations.

My work

All things application security related for MediaWiki
Disclaimer: Although I work for the Wikimedia Foundation, contributions under this account do not necessarily represent the actions or views of the Foundation unless expressly stated otherwise. For example, edits to articles or uploads of other media are done in my individual, personal capacity unless otherwise stated.

Contact me

  • csteipp on freenode IRC
  • csteipp@wikimedia.org
  • For general security issues, please use security@wikimedia.org

Current projects[edit | edit source]

Security auditing and response[edit | edit source]

Auth Sprint (Spring '13)[edit | edit source]

  • 2014-03-monthly:
    The team prepared the migration of the central OAuth database from mediawiki.org to Meta-Wiki, and got input from the Wikimedia Foundation's legal team regarding the OAuth process.

Password storage update (Winter '14)[edit | edit source]

Other Stuff[edit | edit source]

CSteipp/OAuth Wiki-Select.js CSteipp/OAuth demo client
CSteipp/Sandbox CSteipp/Security properties CSteipp/Test
CSteipp/TestJS.js CSteipp/Training CSteipp/Training/VulnTagging easy
CSteipp/Training/VulnTagging js CSteipp/Training/VulnTagging medium
CSteipp/XmlTest CSteipp/common.js