Secure Coding mailing list archives
Secure Web Application Framework Manifesto
From: rklists at gmail.com (Rohit Sethi)
Date: Tue, 12 Jan 2010 09:23:10 -0500
Hi all,

Many of us have argued that the features of underlying web application frameworks will make a major impact on the security of the individual applications built on top of them. To that end, a few of my colleagues and I have put together a "Secure Web Application Framework Manifesto". In many ways, this is the inverse of the work that Arshan and the Intrinsic Security Working Group did; our emphasis is on providing a set of requirements for frameworks to follow, rather than evaluating the frameworks themselves.

Ideally, frameworks will adhere to the manifesto and publish a list of the features implemented. This helps developers make intelligent decisions about the underlying security of the frameworks they use, and should have the additional benefit of enhancing the default security of web applications.

I'd like to propose turning this into an OWASP project, but wanted to solicit feedback from the security community prior to turning it into an official project.

Here's the link to the paper: http://labs.securitycompass.com/papers/secure-web-application-framework-manifesto-v0-05.pdf

--
Rohit Sethi
Security Compass
http://www.securitycompass.com