Joomla Extension Secure Coding Policy

Here you can contact the editors of our Extensions site, as well as access infomation relating to this site.

Moderator: JED Team

Forum rules
Forum Rules
READ ME <-- please read before posting, this means YOU.
Post Reply
sriz786
Joomla! Apprentice
Joomla! Apprentice
Posts: 30
Joined: Sun Feb 18, 2007 5:40 am

Joomla Extension Secure Coding Policy

Post by sriz786 » Thu Jul 15, 2021 9:04 pm

Hello friends,
Joomla has a Governance responsibility to establish extension (JED Policy) for secure code development before publishing it the extensions in JED.

Instead of requiring extension developers to meet secure coding, best way to enforce extension secure coding requirements by setting up Extension secure code review before approval to publish in the JED.

2 most known secure coding review tools are

1. https://www.zaproxy.org/

2. https://portswigger.net/burp/communitydownload

This will help entire Joomla ecosystem, ensure to meet Joomla for security campaign and awareness and above all this is such a critical need that Joomla Foundation needs to mandate and implement the Joomla Extension secure code policy & tools to ensure Joomla users can have better secure environment using Joomla 4all.

Please advise.

Thank you,
Riz
Last edited by imanickam on Thu Jul 15, 2021 11:41 pm, edited 1 time in total.
Reason: Moved topic » from Security in Joomla! 3.x to extensions.joomla.org - Feedback/Information

User avatar
Llewellyn
Joomla! Apprentice
Joomla! Apprentice
Posts: 28
Joined: Sat Jun 14, 2008 10:45 am
Location: Windhoek, Namibia
Contact:

Re: Joomla Extension Secure Coding Policy

Post by Llewellyn » Wed Sep 15, 2021 12:22 am

We have the JED checker and it is constantly being improved to achieve a measure of best practice and security.

Your proposal and involvement will be best realized by making a contribution to this initiative.

Please look for example at this code and see where we can improve, make a pull request or open an issue to start a more detailed conversation.

The reality is this extension can be installed and used to test any extension before submitting it to the JED, as this is the same tool we use.

Saying:
sriz786 wrote:
Thu Jul 15, 2021 9:04 pm
...Joomla Foundation needs to mandate and implement the Joomla Extension secure code policy & tools to ensure Joomla users can have better secure environment using Joomla 4all...
Just does not sound right, specially since we have tools and we do have a mandate and policies that many volunteers have worked very hard to establish over many years.

I understand, it could be that you did not know all this, or you may even think its not enough... :pop

Truth is you can make a huge contribution yourself... just go over to the repository of the JED checker on GitHub, and let the collaboration begin ;)
<<ewe>>yn :geek:

Production Assistant to the DC
JED Team Leader
JCB Lead Developer


Post Reply

Return to “extensions.joomla.org - Feedback/Information”