Skip to Content
Last modified by Agnease on 2026/06/08 18:44
From version 3.12
edited by Agnease
on 2026/06/08 18:44
Change comment: There is no comment for this version
To version 1.9
edited by Agnease
on 2026/05/26 10:48
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -28,12 +28,9 @@
28 28   <h4>In this guide</h4>
29 29   <ul>
30 30   <li><a href="#why-it-matters">Why it matters</a></li>
31 - <li><a href="#quick-self-check">Quick self-check</a></li>
32 32   <li><a href="#what-to-review">What to review</a></li>
33 - <li><a href="#common-findings">Common findings</a></li>
34 34   <li><a href="#security-checklist">Security checklist</a></li>
35 35   <li><a href="#review-output">What the review should produce</a></li>
36 - <li><a href="#readiness-checklist">What to prepare</a></li>
37 37   <li><a href="#when-to-review">When to run a review</a></li>
38 38   <li><a href="#security-review-faq">FAQ</a></li>
39 39   </ul>
... ... @@ -48,11 +48,6 @@
48 48   </p>
49 49  
50 50   <p>
51 - An XWiki security review is a practical audit of the platform configuration, access model,
52 - authentication setup, installed extensions, custom code, infrastructure and recovery procedures.
53 - </p>
54 -
55 - <p>
56 56   Security risks are often hidden in less visible areas: outdated versions, inherited permissions,
57 57   forgotten administrator accounts, overly powerful rights, old extensions, undocumented scripts,
58 58   weak fallback access or backup assumptions that were never tested.
... ... @@ -67,9 +67,10 @@
67 67   </div>
68 68  
69 69   <p>
70 - The value of the review is not only to find technical issues. It is to understand how the instance is actually
71 - used, where risk has accumulated over time, and what should be cleaned up before the next upgrade, migration,
72 - authentication change or business-critical rollout.
62 + An XWiki security review is a structured assessment of the wiki platform, its configuration,
63 + access model, authentication mechanisms, extensions, customizations and operational setup.
64 + The goal is to identify risks, maintenance weaknesses and upgrade blockers before they affect
65 + users or business-critical content.
73 73   </p>
74 74  
75 75   <div class="resource-note">
... ... @@ -93,34 +93,10 @@
93 93   </p>
94 94  
95 95   <p>
96 - In real XWiki instances, security problems are rarely caused by a single visible mistake. They often come from
97 - years of small configuration decisions: one temporary group, one local right exception, one old extension, one
98 - undocumented script, one backup procedure that nobody has tested recently.
89 + A security review helps identify risks before they become incidents, upgrade blockers or maintenance
90 + surprises. It also gives administrators a clearer view of the current state of the instance.
99 99   </p>
100 100  
101 - <h2 id="quick-self-check">Quick self-check: does your XWiki need a security review?</h2>
102 -
103 - <p>
104 - Your XWiki instance may need a security review if one or more of these situations sound familiar.
105 - </p>
106 -
107 - <ul class="resource-checklist">
108 - <li>You are not sure who currently has admin, script or programming rights.</li>
109 - <li>The instance has not been upgraded regularly or the upgrade path is unclear.</li>
110 - <li>SSO, LDAP, OIDC or SAML was configured years ago and not reviewed recently.</li>
111 - <li>Custom scripts, templates, macros or extensions exist but are not clearly documented.</li>
112 - <li>Groups and page-level rights have grown organically over several years.</li>
113 - <li>Backups exist, but the restore process has not been tested or documented.</li>
114 - <li>A new team inherited the instance and has to guess how rights, extensions or customizations were configured.</li>
115 - </ul>
116 -
117 - <div class="resource-note">
118 - <p>
119 - <strong>Practical signal:</strong> if the instance works but nobody can clearly explain the access model,
120 - the customizations and the recovery process, the risk is not only technical. It is operational.
121 - </p>
122 - </div>
123 -
124 124   <h2 id="what-to-review">What should be reviewed</h2>
125 125  
126 126   <h3>1. Version and upgrade status</h3>
... ... @@ -153,13 +153,6 @@
153 153   of small exceptions that nobody reviewed later.
154 154   </p>
155 155  
156 - <p>
157 - For a deeper look at this topic, see
158 - <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
159 - For a practical starting point, see
160 - <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">how to start an XWiki access-rights review</a>.
161 - </p>
162 -
163 163   <h3>3. Authentication and identity management</h3>
164 164   <p>
165 165   Authentication should be reviewed beyond the simple question of whether users can log in. LDAP, Active
... ... @@ -203,45 +203,13 @@
203 203  
204 204   <div class="resource-inline-cta">
205 205   <p>
206 - <strong>Need a clearer view of your XWiki security posture?</strong>
207 - A structured review can check versions, access rights, authentication,
208 - extensions, custom code, infrastructure, backups and operational practices.
168 + <strong>Not sure how risky your current XWiki version is?</strong>
169 + A short technical review can clarify the upgrade path, extension compatibility,
170 + custom code risks and validation needs before production is touched.
209 209   </p>
210 - <a class="btn btn-default" href="$xwiki.getURL('contact.WebHome')">Request a security review</a>
172 + <a class="btn btn-secondary" href="$xwiki.getURL('contact.WebHome')">Request a quick review</a>
211 211   </div>
212 212  
213 - <h2 id="common-findings">Common findings in real XWiki security reviews</h2>
214 -
215 - <p>
216 - In real XWiki instances, security risks are often not caused by one major mistake. They usually come from
217 - configuration decisions that were reasonable at the time but were never reviewed together later.
218 - </p>
219 -
220 - <ul class="resource-checklist">
221 - <li>Old administrator accounts that are still active.</li>
222 - <li>Script or programming rights granted to users who no longer maintain the platform.</li>
223 - <li>Groups created for old projects that still grant access.</li>
224 - <li>Page-level rights added as exceptions and never documented.</li>
225 - <li>Custom Velocity or Groovy code that is business-critical but undocumented.</li>
226 - <li>Extensions installed years ago without a clear owner or upgrade validation process.</li>
227 - <li>SSO configured correctly for login, but not reviewed together with XWiki groups.</li>
228 - <li>Backup jobs scheduled automatically, but restore expectations never tested.</li>
229 - <li>Production changes performed without a staging or rollback habit.</li>
230 - </ul>
231 -
232 - <h2 id="what-this-is-not">What this review is not</h2>
233 -
234 - <p>
235 - A security review is not a one-click scan and it is not limited to checking the installed XWiki version.
236 - Automated checks can help, but they cannot fully explain why a group has access, whether a custom script is still
237 - needed, or whether a restore procedure would actually work during an incident.
238 - </p>
239 -
240 - <p>
241 - The review should combine technical checks with context: how the wiki is used, which areas are sensitive, which
242 - users administer it, what customizations matter and what the organization expects during an incident or upgrade.
243 - </p>
244 -
245 245   <h2 id="security-checklist">XWiki security review checklist</h2>
246 246  
247 247   <p>
... ... @@ -265,8 +265,8 @@
265 265   <h2 id="review-output">What the review should produce</h2>
266 266  
267 267   <p>
268 - A useful security review should not only produce a list of detected problems. It should produce a practical
269 - action plan. Each finding should explain the risk, the affected area, the recommended action and the priority.
198 + A useful security review should not only produce a list of detected problems. It should produce a practical action
199 + plan. Each finding should explain the risk, the affected area, the recommended action and the priority.
270 270   </p>
271 271  
272 272   <p>
... ... @@ -283,33 +283,6 @@
283 283   </p>
284 284   </div>
285 285  
286 - <h3>Example review finding</h3>
287 -
288 - <table class="table table-bordered table-striped">
289 - <thead>
290 - <tr>
291 - <th>Finding</th>
292 - <th>Risk</th>
293 - <th>Recommended action</th>
294 - <th>Priority</th>
295 - </tr>
296 - </thead>
297 - <tbody>
298 - <tr>
299 - <td>Several users have script rights but are no longer responsible for XWiki administration.</td>
300 - <td>Powerful rights remain active without clear ownership.</td>
301 - <td>Confirm the current need, remove obsolete assignments and document approved technical users.</td>
302 - <td>High</td>
303 - </tr>
304 - <tr>
305 - <td>Backups are scheduled, but the restore process has not been tested recently.</td>
306 - <td>Recovery expectations may be incorrect during an incident.</td>
307 - <td>Document backup coverage and perform a restore validation on a test environment.</td>
308 - <td>Medium</td>
309 - </tr>
310 - </tbody>
311 - </table>
312 -
313 313   <p>
314 314   The best outcome is a clearer, safer and more maintainable XWiki instance: one where administrators
315 315   understand the access model, critical features are documented and future upgrades can be planned with
... ... @@ -316,24 +316,6 @@
316 316   fewer surprises.
317 317   </p>
318 318  
319 - <h2 id="readiness-checklist">XWiki security review readiness checklist</h2>
320 -
321 - <p>
322 - Before starting a security review, prepare the following information. This makes the review faster and helps
323 - identify risks more clearly.
324 - </p>
325 -
326 - <ul class="resource-checklist">
327 - <li>Current XWiki version and target upgrade version, if an upgrade is planned.</li>
328 - <li>List of installed extensions and known custom applications.</li>
329 - <li>Authentication method: local users, LDAP, OIDC, SAML, SSO or MFA.</li>
330 - <li>Known restricted spaces, confidential areas or public-facing pages.</li>
331 - <li>List of technical administrators and users with powerful rights.</li>
332 - <li>Known custom scripts, templates, macros, UI extensions or Java components.</li>
333 - <li>Backup location, frequency and last restore test, if known.</li>
334 - <li>Staging or test environment availability.</li>
335 - </ul>
336 -
337 337   <h2 id="when-to-review">When should an XWiki security review be done?</h2>
338 338  
339 339   <p>
... ... @@ -347,87 +347,49 @@
347 347   permissions, extensions, customizations and recovery procedures were configured years earlier.
348 348   </p>
349 349  
350 - <div class="resource-note related-resources">
351 - <p><strong>Security review series:</strong></p>
352 - <ul>
353 - <li>
354 - <a href="$xwiki.getURL('resources.xwiki-security-review')">What an XWiki security review should actually include</a>
355 - </li>
356 - <li>
357 - <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">Why XWiki access rights need a clear governance model</a>
358 - </li>
359 - <li>
360 - <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">How to start an XWiki access-rights review</a>
361 - </li>
362 - </ul>
363 - <p>
364 - Future topics will cover authentication and access control, script and programming rights,
365 - backup validation, extension review and operational practices.
366 - </p>
367 - </div>
368 -
369 369   <h2 id="security-review-faq">XWiki security review FAQ</h2>
370 370  
371 - <details class="resource-faq-item" open>
372 - <summary>What should an XWiki security review include?</summary>
373 - <p>
374 - An XWiki security review should include the installed XWiki version, upgrade path,
375 - access rights, groups, authentication setup, installed extensions, custom code,
376 - infrastructure, backups, restore expectations and operational procedures.
377 - </p>
378 - </details>
237 + <h3>What should an XWiki security review include?</h3>
238 + <p>
239 + An XWiki security review should include the installed XWiki version, upgrade path,
240 + access rights, groups, authentication setup, installed extensions, custom code,
241 + infrastructure, backups, restore expectations and operational procedures.
242 + </p>
379 379  
380 - <details class="resource-faq-item">
381 - <summary>Is an updated XWiki instance automatically secure?</summary>
382 - <p>
383 - No. Updating XWiki is important, but security also depends on permissions,
384 - authentication, extensions, custom code, infrastructure configuration, backups
385 - and how the instance is maintained.
386 - </p>
387 - </details>
244 + <h3>Is an updated XWiki instance automatically secure?</h3>
245 + <p>
246 + No. Updating XWiki is important, but security also depends on permissions,
247 + authentication, extensions, custom code, infrastructure configuration, backups
248 + and how the instance is maintained.
249 + </p>
388 388  
389 - <details class="resource-faq-item">
390 - <summary>Does SSO solve XWiki access control?</summary>
391 - <p>
392 - No. SSO helps authenticate users, but access control still depends on XWiki groups,
393 - inherited permissions, page-level rights and administrative privileges.
394 - </p>
395 - </details>
251 + <h3>Does SSO solve XWiki access control?</h3>
252 + <p>
253 + No. SSO helps authenticate users, but access control still depends on XWiki groups,
254 + inherited permissions, page-level rights and administrative privileges.
255 + </p>
396 396  
397 - <details class="resource-faq-item">
398 - <summary>Why should custom code be reviewed?</summary>
399 - <p>
400 - Custom scripts, templates, macros, UI extensions and Java components can affect
401 - permissions, workflows, rendering, integrations and upgrade behavior. They should
402 - be identified, documented and tested.
403 - </p>
404 - </details>
257 + <h3>Why should custom code be reviewed?</h3>
258 + <p>
259 + Custom scripts, templates, macros, UI extensions and Java components can affect
260 + permissions, workflows, rendering, integrations and upgrade behavior. They should
261 + be identified, documented and tested.
262 + </p>
405 405  
406 - <details class="resource-faq-item">
407 - <summary>When should an XWiki security review be done?</summary>
264 + <h3>When should an XWiki security review be done?</h3>
265 + <p>
266 + A review is useful before a major upgrade, after years of organic growth, after
267 + authentication changes, before exposing the wiki more broadly, or when the instance
268 + becomes business-critical.
269 + </p>
270 +
271 + <div class="resource-note">
408 408   <p>
409 - A review is useful before a major upgrade, after years of organic growth, after
410 - authentication changes, before exposing the wiki more broadly, or when the instance
411 - becomes business-critical.
273 + Related resources:
274 + <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">why regular XWiki upgrades matter</a>
275 + and
276 + <a href="$xwiki.getURL('resources.xwiki-custom-development')">how to keep XWiki custom development maintainable across upgrades</a>.
412 412   </p>
413 - </details>
414 -
415 - <div class="resource-note related-resources">
416 - <p><strong>Related resources:</strong></p>
417 - <ul>
418 - <li>
419 - <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">Why XWiki access rights need a clear governance model</a>
420 - </li>
421 - <li>
422 - <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">How to start an XWiki access-rights review</a>
423 - </li>
424 - <li>
425 - <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">Why regular XWiki upgrades matter</a>
426 - </li>
427 - <li>
428 - <a href="$xwiki.getURL('resources.xwiki-custom-development')">How to keep XWiki custom development maintainable across upgrades</a>
429 - </li>
430 - </ul>
431 431   </div>
432 432  
433 433   <div class="resource-cta">
xwiki-security-review.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.Admin
Size
... ... @@ -1,1 +1,0 @@
1 -1.3 MB
Content