We've done a pretty significant $wpdb query security audit over the last year, but it wasn't a comprehensive security audit. For 3.9, I'd like to review the entire codebase to ensure we're in alignment with proper data sanity, validation, sanitization and escaping philosophies.
Nearly all the new code Gary and I have written over the last year is quite secure, but we still have a significant chunk of the codebase that is legacy code - I've worked on the project for almost 3 years, and I still see code I don't recall ever seeing before.
We haven't caught wind of too many major vulnerabilities, but there have been a few in the last year or so - I'd like to make sure we catch them all, resolve them, and build out policies and procedures moving forward that place a primary emphasis on security.
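As an added illustration of the "validation, sanitization and escaping" philosophy the post refers to (this is example code written for this page, not code from the project or the poster), the following shows the shape of query a $wpdb audit flags next to the form it should take. The table name `example_items`, the request keys `author` and `status`, and the function names are assumptions made for the example; `$wpdb->prepare()`, `absint()`, `sanitize_key()` and `esc_html()` are the standard WordPress functions.

```php
<?php
// Added example, not from the thread. Table name, request keys and function
// names are hypothetical; the WordPress helpers are real.

// BEFORE: what a $wpdb query audit flags. Raw request input is interpolated
// straight into the SQL string, so the query structure is under user control.
function example_lookup_unsafe( $wpdb ) {
    $sql = "SELECT id, title FROM {$wpdb->prefix}example_items"
         . " WHERE author_id = {$_GET['author']} AND status = '{$_GET['status']}'";
    return $wpdb->get_results( $sql );
}

// AFTER: validate, sanitize, then let $wpdb->prepare() do the quoting.
function example_lookup_safe( $wpdb ) {
    // Validate: the author id must be a positive integer; otherwise there is
    // nothing sensible to query, so return early instead of guessing.
    $author_id = isset( $_GET['author'] ) ? absint( $_GET['author'] ) : 0;
    if ( 0 === $author_id ) {
        return array();
    }

    // Sanitize and whitelist: status is reduced to a safe key and then checked
    // against the values the code actually understands.
    $status  = isset( $_GET['status'] ) ? sanitize_key( $_GET['status'] ) : 'publish';
    $allowed = array( 'publish', 'pending', 'private' );
    if ( ! in_array( $status, $allowed, true ) ) {
        $status = 'publish';
    }

    // Prepare: %d and %s placeholders are bound by $wpdb->prepare(), which
    // casts and escapes the values so input can never change the query shape.
    $sql = $wpdb->prepare(
        "SELECT id, title FROM {$wpdb->prefix}example_items WHERE author_id = %d AND status = %s",
        $author_id,
        $status
    );
    return $wpdb->get_results( $sql );
}

// Escape on output: rows read back from the database are still untrusted when
// they go into HTML, so escaping happens at the point of use, not at storage.
function example_render( $rows ) {
    $html = '<ul>';
    foreach ( $rows as $row ) {
        $html .= '<li>' . esc_html( $row->title ) . '</li>';
    }
    return $html . '</ul>';
}
```

The three stages are deliberately separate: validation decides whether the request is answerable at all, sanitization and the whitelist constrain the value to what the code expects, and `$wpdb->prepare()` handles SQL quoting so no hand-written escaping is needed. When auditing legacy code, each query that builds its SQL with string interpolation of request data is a candidate for the second form.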
Or if you want to be really secure, you can use bugcrowd.com. They have 6700 security researchers that tear apart code. My company is part of the program.