Modern web framework are taking more and more space in the web landscape, both promising ease of use and security. However the new concepts and the complexity of these modern framework also rises new security breaches and paradigm. The component developments and the dymamic offers new vectors to compromise the applications. This talk aims at presenting some of these new vulnerabilities and new paradigms through several (patched or not) flaws on different framework : Bottle, Django , Ruby on Rails, Symfony2