Framed! Security-Patching Common Web Development Frameworks presented at OWASP Appsec 2010

by Rafal Los (Hewlett Packard), Joshua Abraham (Rapid7)

Tags: Security Infrastructure Web Application Security

URL :!_Security-patching_Common_Web_Development_Frameworks

Summary: Developers don’t write insecure code on purpose; they simply work with the tools they’re given to deliver functional web applications. More and more often, developers rely on pre-built development frameworks (such as JSF, Struts, Spring, DWR, etc.) which are not built to be secure, thus allowing for insecure applications. The purpose of this project and discussion is to identify which frameworks are most in need of attention (and how we can identify those) and then decide how to proceed with patching these frameworks upstream in the code, such that it’s easier for a developer to write secure applications than not. We will discuss which frameworks are in most need of attention, the project charter and direction, participation, and other project-related items.