Framed! Security-Patching Common Web Development Frameworks

Presented at OWASP Appsec 2010 by

Developers don’t write insecure code on purpose; they simply work with the tools they’re given to deliver functional web applications. More and more often, developers rely on pre-built development frameworks (such as JSF, Struts, Spring, DWR, etc.) which are not built to be secure, thus allowing for insecure applications. The purpose of this project and discussion is to determine which frameworks are most in need of attention (and how we can identify those) and then decide how to proceed with patching these frameworks upstream in the code, such that it’s easier for a developer to write secure applications than not. We will discuss which frameworks are in most need of attention, the project charter and direction, participation and other project-related items.