Changes for page What an XWiki Security Review Should Actually Include
Last modified by Agnease on 2026/06/08 18:44
Summary
-
Page properties (1 modified, 0 added, 0 removed)
-
Attachments (0 modified, 0 added, 1 removed)
Details
- Page properties
-
- Content
-
... ... @@ -122,13 +122,6 @@ 122 122 of small exceptions that nobody reviewed later. 123 123 </p> 124 124 125 - <p> 126 - For a deeper look at this topic, see 127 - <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>. 128 - For a practical starting point, see 129 - <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">how to start an XWiki access-rights review</a>. 130 - </p> 131 - 132 132 <h3>3. Authentication and identity management</h3> 133 133 <p> 134 134 Authentication should be reviewed beyond the simple question of whether users can log in. LDAP, Active ... ... @@ -172,11 +172,11 @@ 172 172 173 173 <div class="resource-inline-cta"> 174 174 <p> 175 - <strong>N eeda clearerviewofyour XWikisecurity posture?</strong>176 - A s tructuredreview can checkversions,accessrights,authentication,177 - extensions,custom code,infrastructure, backups andoperationalpractices.168 + <strong>Not sure how risky your current XWiki version is?</strong> 169 + A short technical review can clarify the upgrade path, extension compatibility, 170 + custom code risks and validation needs before production is touched. 178 178 </p> 179 - <a class="btn btn-secondary" href="$xwiki.getURL('contact.WebHome')">Request a securityreview</a>172 + <a class="btn btn-secondary" href="$xwiki.getURL('contact.WebHome')">Request a quick review</a> 180 180 </div> 181 181 182 182 <h2 id="security-checklist">XWiki security review checklist</h2> ... ... @@ -239,18 +239,6 @@ 239 239 permissions, extensions, customizations and recovery procedures were configured years earlier. 240 240 </p> 241 241 242 - <div class="resource-note"> 243 - <p> 244 - <strong>Security review series:</strong> 245 - this article is the main overview. You can also read 246 - <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a> 247 - and 248 - <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">how to start an XWiki access-rights review</a>. 249 - Future topics will cover authentication and access control, script and programming rights, backup validation, 250 - extension review and operational practices. 251 - </p> 252 - </div> 253 - 254 254 <h2 id="security-review-faq">XWiki security review FAQ</h2> 255 255 256 256 <h3>What should an XWiki security review include?</h3> ... ... @@ -287,22 +287,13 @@ 287 287 becomes business-critical. 288 288 </p> 289 289 290 - <div class="resource-note related-resources"> 291 - <p><strong>Related resources:</strong></p> 292 - <ul> 293 - <li> 294 - <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">Why XWiki access rights need a clear governance model</a> 295 - </li> 296 - <li> 297 - <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">How to start an XWiki access-rights review</a> 298 - </li> 299 - <li> 300 - <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">Why regular XWiki upgrades matter</a> 301 - </li> 302 - <li> 303 - <a href="$xwiki.getURL('resources.xwiki-custom-development')">How to keep XWiki custom development maintainable across upgrades</a> 304 - </li> 305 - </ul> 271 + <div class="resource-note"> 272 + <p> 273 + Related resources: 274 + <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">why regular XWiki upgrades matter</a> 275 + and 276 + <a href="$xwiki.getURL('resources.xwiki-custom-development')">how to keep XWiki custom development maintainable across upgrades</a>. 277 + </p> 306 306 </div> 307 307 308 308 <div class="resource-cta">
- xwiki-security-review.png
-
- Author
-
... ... @@ -1,1 +1,0 @@ 1 -XWiki.Admin - Size
-
... ... @@ -1,1 +1,0 @@ 1 -1.3 MB - Content