Brion Vibber, the Wikimedia Foundation‘s lead developer, is the guiding hand behind the ongoing improvement of MediaWiki. MediaWiki is one of the most widely-used Web applications in the world, and is the software basis for Wikipedia. On the Wikitech mailing list, he offered some insight into how he ensures secure development of the MediaWiki software.
Paraphrased slightly, the five key points are:
- Don’t construct SQL by hand; use query-building abstractions to ensure proper encoding.
- Don’t construct HTML output by hand; use wiki parser where suitable or XML-building abstractions to ensure proper encoding.
- Don’t use $_GET, $_POST, $_REQUEST, and similar values directly; use abstractions that provide some basic data type validation.
- Don’t use explicit include()s or require()s with configured paths; use class autoloader. When an explicit include is needed, always precede it with a constant check to avoid remote include vulnerabilities.
- Make sure the fuzz testing tools get pulled out from time to time to look for HTML injection bugs (i.e. XSS vulnerabilities) and other such surprises.
All of this can really be boiled down to the following:
- Use tools that are designed to produce consistent, reliable, secure code. When there’s a problem, fix the tool — not just the code it produced. This helps guard against human error, reduces duplication of effort, and ensures your developers always know what’s going on in the code so they won’t introduce bugs later trying to extend others’ work.
- Test the results, regardless of how good a job you think you did. Subject it to significant stress, looking for where it breaks and misbehaves.