Skip to Content
Last modified by Agnease on 2026/06/08 18:44
From version 3.8
edited by Agnease
on 2026/06/08 18:25
Change comment: There is no comment for this version
To version 3.12
edited by Agnease
on 2026/06/08 18:44
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -28,9 +28,12 @@
28 28   <h4>In this guide</h4>
29 29   <ul>
30 30   <li><a href="#why-it-matters">Why it matters</a></li>
31 + <li><a href="#quick-self-check">Quick self-check</a></li>
31 31   <li><a href="#what-to-review">What to review</a></li>
33 + <li><a href="#common-findings">Common findings</a></li>
32 32   <li><a href="#security-checklist">Security checklist</a></li>
33 33   <li><a href="#review-output">What the review should produce</a></li>
36 + <li><a href="#readiness-checklist">What to prepare</a></li>
34 34   <li><a href="#when-to-review">When to run a review</a></li>
35 35   <li><a href="#security-review-faq">FAQ</a></li>
36 36   </ul>
... ... @@ -45,6 +45,11 @@
45 45   </p>
46 46  
47 47   <p>
51 + An XWiki security review is a practical audit of the platform configuration, access model,
52 + authentication setup, installed extensions, custom code, infrastructure and recovery procedures.
53 + </p>
54 +
55 + <p>
48 48   Security risks are often hidden in less visible areas: outdated versions, inherited permissions,
49 49   forgotten administrator accounts, overly powerful rights, old extensions, undocumented scripts,
50 50   weak fallback access or backup assumptions that were never tested.
... ... @@ -59,10 +59,9 @@
59 59   </div>
60 60  
61 61   <p>
62 - An XWiki security review is a structured assessment of the wiki platform, its configuration,
63 - access model, authentication mechanisms, extensions, customizations and operational setup.
64 - The goal is to identify risks, maintenance weaknesses and upgrade blockers before they affect
65 - users or business-critical content.
70 + The value of the review is not only to find technical issues. It is to understand how the instance is actually
71 + used, where risk has accumulated over time, and what should be cleaned up before the next upgrade, migration,
72 + authentication change or business-critical rollout.
66 66   </p>
67 67  
68 68   <div class="resource-note">
... ... @@ -86,10 +86,34 @@
86 86   </p>
87 87  
88 88   <p>
89 - A security review helps identify risks before they become incidents, upgrade blockers or maintenance
90 - surprises. It also gives administrators a clearer view of the current state of the instance.
96 + In real XWiki instances, security problems are rarely caused by a single visible mistake. They often come from
97 + years of small configuration decisions: one temporary group, one local right exception, one old extension, one
98 + undocumented script, one backup procedure that nobody has tested recently.
91 91   </p>
92 92  
101 + <h2 id="quick-self-check">Quick self-check: does your XWiki need a security review?</h2>
102 +
103 + <p>
104 + Your XWiki instance may need a security review if one or more of these situations sound familiar.
105 + </p>
106 +
107 + <ul class="resource-checklist">
108 + <li>You are not sure who currently has admin, script or programming rights.</li>
109 + <li>The instance has not been upgraded regularly or the upgrade path is unclear.</li>
110 + <li>SSO, LDAP, OIDC or SAML was configured years ago and not reviewed recently.</li>
111 + <li>Custom scripts, templates, macros or extensions exist but are not clearly documented.</li>
112 + <li>Groups and page-level rights have grown organically over several years.</li>
113 + <li>Backups exist, but the restore process has not been tested or documented.</li>
114 + <li>A new team inherited the instance and has to guess how rights, extensions or customizations were configured.</li>
115 + </ul>
116 +
117 + <div class="resource-note">
118 + <p>
119 + <strong>Practical signal:</strong> if the instance works but nobody can clearly explain the access model,
120 + the customizations and the recovery process, the risk is not only technical. It is operational.
121 + </p>
122 + </div>
123 +
93 93   <h2 id="what-to-review">What should be reviewed</h2>
94 94  
95 95   <h3>1. Version and upgrade status</h3>
... ... @@ -122,7 +122,7 @@
122 122   of small exceptions that nobody reviewed later.
123 123   </p>
124 124  
125 - <p>
156 + <p>
126 126   For a deeper look at this topic, see
127 127   <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
128 128   For a practical starting point, see
... ... @@ -176,9 +176,41 @@
176 176   A structured review can check versions, access rights, authentication,
177 177   extensions, custom code, infrastructure, backups and operational practices.
178 178   </p>
179 - <a class="btn btn-secondary" href="$xwiki.getURL('contact.WebHome')">Request a security review</a>
210 + <a class="btn btn-default" href="$xwiki.getURL('contact.WebHome')">Request a security review</a>
180 180   </div>
181 181  
213 + <h2 id="common-findings">Common findings in real XWiki security reviews</h2>
214 +
215 + <p>
216 + In real XWiki instances, security risks are often not caused by one major mistake. They usually come from
217 + configuration decisions that were reasonable at the time but were never reviewed together later.
218 + </p>
219 +
220 + <ul class="resource-checklist">
221 + <li>Old administrator accounts that are still active.</li>
222 + <li>Script or programming rights granted to users who no longer maintain the platform.</li>
223 + <li>Groups created for old projects that still grant access.</li>
224 + <li>Page-level rights added as exceptions and never documented.</li>
225 + <li>Custom Velocity or Groovy code that is business-critical but undocumented.</li>
226 + <li>Extensions installed years ago without a clear owner or upgrade validation process.</li>
227 + <li>SSO configured correctly for login, but not reviewed together with XWiki groups.</li>
228 + <li>Backup jobs scheduled automatically, but restore expectations never tested.</li>
229 + <li>Production changes performed without a staging or rollback habit.</li>
230 + </ul>
231 +
232 + <h2 id="what-this-is-not">What this review is not</h2>
233 +
234 + <p>
235 + A security review is not a one-click scan and it is not limited to checking the installed XWiki version.
236 + Automated checks can help, but they cannot fully explain why a group has access, whether a custom script is still
237 + needed, or whether a restore procedure would actually work during an incident.
238 + </p>
239 +
240 + <p>
241 + The review should combine technical checks with context: how the wiki is used, which areas are sensitive, which
242 + users administer it, what customizations matter and what the organization expects during an incident or upgrade.
243 + </p>
244 +
182 182   <h2 id="security-checklist">XWiki security review checklist</h2>
183 183  
184 184   <p>
... ... @@ -202,8 +202,8 @@
202 202   <h2 id="review-output">What the review should produce</h2>
203 203  
204 204   <p>
205 - A useful security review should not only produce a list of detected problems. It should produce a practical action
206 - plan. Each finding should explain the risk, the affected area, the recommended action and the priority.
268 + A useful security review should not only produce a list of detected problems. It should produce a practical
269 + action plan. Each finding should explain the risk, the affected area, the recommended action and the priority.
207 207   </p>
208 208  
209 209   <p>
... ... @@ -220,6 +220,33 @@
220 220   </p>
221 221   </div>
222 222  
286 + <h3>Example review finding</h3>
287 +
288 + <table class="table table-bordered table-striped">
289 + <thead>
290 + <tr>
291 + <th>Finding</th>
292 + <th>Risk</th>
293 + <th>Recommended action</th>
294 + <th>Priority</th>
295 + </tr>
296 + </thead>
297 + <tbody>
298 + <tr>
299 + <td>Several users have script rights but are no longer responsible for XWiki administration.</td>
300 + <td>Powerful rights remain active without clear ownership.</td>
301 + <td>Confirm the current need, remove obsolete assignments and document approved technical users.</td>
302 + <td>High</td>
303 + </tr>
304 + <tr>
305 + <td>Backups are scheduled, but the restore process has not been tested recently.</td>
306 + <td>Recovery expectations may be incorrect during an incident.</td>
307 + <td>Document backup coverage and perform a restore validation on a test environment.</td>
308 + <td>Medium</td>
309 + </tr>
310 + </tbody>
311 + </table>
312 +
223 223   <p>
224 224   The best outcome is a clearer, safer and more maintainable XWiki instance: one where administrators
225 225   understand the access model, critical features are documented and future upgrades can be planned with
... ... @@ -226,6 +226,24 @@
226 226   fewer surprises.
227 227   </p>
228 228  
319 + <h2 id="readiness-checklist">XWiki security review readiness checklist</h2>
320 +
321 + <p>
322 + Before starting a security review, prepare the following information. This makes the review faster and helps
323 + identify risks more clearly.
324 + </p>
325 +
326 + <ul class="resource-checklist">
327 + <li>Current XWiki version and target upgrade version, if an upgrade is planned.</li>
328 + <li>List of installed extensions and known custom applications.</li>
329 + <li>Authentication method: local users, LDAP, OIDC, SAML, SSO or MFA.</li>
330 + <li>Known restricted spaces, confidential areas or public-facing pages.</li>
331 + <li>List of technical administrators and users with powerful rights.</li>
332 + <li>Known custom scripts, templates, macros, UI extensions or Java components.</li>
333 + <li>Backup location, frequency and last restore test, if known.</li>
334 + <li>Staging or test environment availability.</li>
335 + </ul>
336 +
229 229   <h2 id="when-to-review">When should an XWiki security review be done?</h2>
230 230  
231 231   <p>
... ... @@ -260,39 +260,49 @@
260 260  
261 261   <h2 id="security-review-faq">XWiki security review FAQ</h2>
262 262  
263 - <h3>What should an XWiki security review include?</h3>
264 - <p>
265 - An XWiki security review should include the installed XWiki version, upgrade path,
266 - access rights, groups, authentication setup, installed extensions, custom code,
267 - infrastructure, backups, restore expectations and operational procedures.
268 - </p>
371 + <details class="resource-faq-item" open>
372 + <summary>What should an XWiki security review include?</summary>
373 + <p>
374 + An XWiki security review should include the installed XWiki version, upgrade path,
375 + access rights, groups, authentication setup, installed extensions, custom code,
376 + infrastructure, backups, restore expectations and operational procedures.
377 + </p>
378 + </details>
269 269  
270 - <h3>Is an updated XWiki instance automatically secure?</h3>
271 - <p>
272 - No. Updating XWiki is important, but security also depends on permissions,
273 - authentication, extensions, custom code, infrastructure configuration, backups
274 - and how the instance is maintained.
275 - </p>
380 + <details class="resource-faq-item">
381 + <summary>Is an updated XWiki instance automatically secure?</summary>
382 + <p>
383 + No. Updating XWiki is important, but security also depends on permissions,
384 + authentication, extensions, custom code, infrastructure configuration, backups
385 + and how the instance is maintained.
386 + </p>
387 + </details>
276 276  
277 - <h3>Does SSO solve XWiki access control?</h3>
278 - <p>
279 - No. SSO helps authenticate users, but access control still depends on XWiki groups,
280 - inherited permissions, page-level rights and administrative privileges.
281 - </p>
389 + <details class="resource-faq-item">
390 + <summary>Does SSO solve XWiki access control?</summary>
391 + <p>
392 + No. SSO helps authenticate users, but access control still depends on XWiki groups,
393 + inherited permissions, page-level rights and administrative privileges.
394 + </p>
395 + </details>
282 282  
283 - <h3>Why should custom code be reviewed?</h3>
284 - <p>
285 - Custom scripts, templates, macros, UI extensions and Java components can affect
286 - permissions, workflows, rendering, integrations and upgrade behavior. They should
287 - be identified, documented and tested.
288 - </p>
397 + <details class="resource-faq-item">
398 + <summary>Why should custom code be reviewed?</summary>
399 + <p>
400 + Custom scripts, templates, macros, UI extensions and Java components can affect
401 + permissions, workflows, rendering, integrations and upgrade behavior. They should
402 + be identified, documented and tested.
403 + </p>
404 + </details>
289 289  
290 - <h3>When should an XWiki security review be done?</h3>
291 - <p>
292 - A review is useful before a major upgrade, after years of organic growth, after
293 - authentication changes, before exposing the wiki more broadly, or when the instance
294 - becomes business-critical.
295 - </p>
406 + <details class="resource-faq-item">
407 + <summary>When should an XWiki security review be done?</summary>
408 + <p>
409 + A review is useful before a major upgrade, after years of organic growth, after
410 + authentication changes, before exposing the wiki more broadly, or when the instance
411 + becomes business-critical.
412 + </p>
413 + </details>
296 296  
297 297   <div class="resource-note related-resources">
298 298   <p><strong>Related resources:</strong></p>