Secure Coding mailing list archives

Secure Web Application Framework Manifesto


From: rklists at gmail.com (Rohit Sethi)
Date: Tue, 12 Jan 2010 09:23:10 -0500

Hi all,

Many of us have argued that the features of underlying web
application frameworks will make a major impact on the security of
the individual applications built on top of them.

To that end, a few of my colleagues and myself have put together a
"Secure Web Application Framework Manifesto". In many ways, this is
the inverse of the work that Arshan and the Intrinsic Security Working
Group did - our emphasis is on providing a set of requirements for
frameworks to follow, rather than evaluating the frameworks
themselves. Ideally, frameworks will adhere to the manifesto and
publish a list of the features implemented. This helps developers make
intelligent decisions about the underlying security of the frameworks
they use, and should have the additional benefit of enhancing the
default security of web applications.

I'd like to propose turning this into an OWASP project, but wanted to
solicit feedback from the security community prior to turning it into
an official project.

Here's the link to the paper:
http://labs.securitycompass.com/papers/secure-web-application-framework-manifesto-v0-05.pdf


-- 
Rohit Sethi
Security Compass
http://www.securitycompass.com


