wp-e-commerce / WP-e-Commerce

WP eCommerce - The most popular independent eCommerce platform for WordPress
https://wpecommerce.org
GNU General Public License v2.0

Security Audit #35

Open JustinSainton opened 11 years ago

JustinSainton commented 11 years ago

We've done a pretty significant $wpdb query security audit over the last year, but it wasn't a comprehensive security audit. For 3.9, I'd like to review the entire codebase to ensure we're in alignment with proper data sanity, validation, sanitization and escaping philosophies.

Nearly all the new code Gary and I have written over the last year is quite secure, but we still have a significant chunk of the codebase that is legacy code - I've worked on the project for almost 3 years, and I still see code I don't recall ever seeing before.

We haven't caught wind of too many major vulnerabilities, but there have been a few in the last year or so - I'd like to make sure we catch them all, resolve them, and build out policies and procedures moving forward that place a primary emphasis on security.
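The kind of legacy pattern an audit of this sort looks for, shown as an added example beside its hardened form. This is illustration code, not WP eCommerce's own code; it assumes it runs inside WordPress (global `$wpdb` and the core `sanitize_*`/`esc_*` helpers are loaded), and the table name `wpsc_example_products`, the request parameters and the nonce action name are hypothetical.

```php
<?php
/*
 * Added example (not WP eCommerce code). Assumes WordPress is loaded.
 * Table name, request parameters and nonce action are hypothetical.
 */

// BEFORE: the pattern an audit should flag. Raw request input is interpolated
// into the SQL string (SQL injection) and echoed back unescaped (reflected XSS).
function wpsc_example_find_product_insecure() {
    global $wpdb;
    $sku   = $_GET['wpsc_sku'];
    $table = $wpdb->prefix . 'wpsc_example_products';
    $row   = $wpdb->get_row( "SELECT id, name FROM $table WHERE sku = '$sku'" );
    echo '<p>Found: ' . $row->name . '</p>';
}

// AFTER: validate and sanitize on the way in, prepare the query,
// escape on the way out. Returns the row (or null) so callers can test it.
function wpsc_example_find_product_secure() {
    global $wpdb;

    // 1. Validate: reject missing or malformed input before it reaches the DB.
    if ( ! isset( $_GET['wpsc_sku'] ) ) {
        return null;
    }
    $sku = sanitize_text_field( wp_unslash( $_GET['wpsc_sku'] ) );
    if ( '' === $sku || ! preg_match( '/^[A-Za-z0-9_-]{1,64}$/', $sku ) ) {
        return null;
    }

    // 2. Parameterize: $wpdb->prepare() quotes and escapes the %s argument,
    //    so the value can never alter the structure of the statement.
    //    Only the trusted $wpdb->prefix is interpolated into the table name.
    $table = $wpdb->prefix . 'wpsc_example_products';
    $row   = $wpdb->get_row(
        $wpdb->prepare( "SELECT id, name FROM {$table} WHERE sku = %s", $sku )
    );
    if ( null === $row ) {
        return null;
    }

    // 3. Escape at output, for the context the value lands in (HTML text here).
    echo '<p>Found: ' . esc_html( $row->name ) . '</p>';
    return $row;
}

// A state-changing admin action: capability check, nonce check, integer
// validation, and a parameterized delete via $wpdb->delete() with a format.
function wpsc_example_delete_product_secure() {
    global $wpdb;

    if ( ! current_user_can( 'manage_options' ) ) {
        return false;                       // authorization
    }
    check_admin_referer( 'wpsc_example_delete_product' );   // CSRF protection (nonce)

    $id = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : 0;
    if ( 0 === $id ) {
        return false;                       // validation
    }

    $table   = $wpdb->prefix . 'wpsc_example_products';
    $deleted = $wpdb->delete( $table, array( 'id' => $id ), array( '%d' ) );
    return false !== $deleted;
}
```

The three stages map directly onto the philosophy named in the issue: validation and sanitization decide what data is acceptable, `$wpdb->prepare()` (or the format arguments of `$wpdb->delete()`/`$wpdb->update()`) keeps data from being parsed as SQL, and `esc_html()` (or `esc_attr()`/`esc_url()` for other contexts) is applied as late as possible, at output. When reviewing legacy code, every `$wpdb->query()`/`get_results()`/`get_row()`/`get_var()` call whose string contains a variable other than `$wpdb->prefix` or a literal table name, and every `echo` of request or database data without an `esc_*` wrapper, is a finding to triage.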

princezuda commented 10 years ago

May this be assigned to me? This is my specialty.

princezuda commented 10 years ago

Or if you want to be really secure, you can use bugcrowd.com. They have 6700 security researchers that tear apart code. My company is part of the program.