Secure Coding mailing list archives
Re: Towards framework security
From: Rohit Sethi <rklists () gmail com>
Date: Mon, 14 Mar 2011 17:04:38 -0400
Hi Benjamin,

I appreciate the suggestion. I think the challenge is that it's hard to find a one-size-fits-all solution. Moreover, the requirements as they currently stand don't reflect the reality of implementation challenges for frameworks. The whitepaper will forever live as an artifact on http://labs.securitycompass.com/papers/secure-web-application-framework-manifesto-v0-08.pdf - it might be useful as reference material and to give an idea of a starting point on things you can do to integrate with frameworks.

On Mon, Mar 14, 2011 at 3:36 PM, Benjamin Tomhave <tomhave () secureconsulting net> wrote:
That's interesting - thanks for the update Rohit. I'm curious about one thing, though (and, first, allow me to don my flak jacket). I think integrating with a project like Django to simply *ahem* "build security in" is a great approach, but I hate to see the white paper lost. Why not also look at joining efforts with something like the Rugged Manifesto movement?

fwiw.

On 3/11/11 1:14 PM, Rohit Sethi wrote:

Last year we released a project called the Secure Web Application Framework Manifesto on OWASP. I'd like to announce that we're closing it, in favor of simply working with Django itself. I'm hoping others will adopt the same mentality for other popular open source frameworks and libraries.

Details here: http://labs.securitycompass.com/index.php/2011/03/11/closing-the-secure-web-application-framework-manifesto-project/

Cheers,

--
Rohit Sethi
Security Compass
http://www.securitycompass.com
twitter: rksethi

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

--
Benjamin Tomhave, MS, CISSP
tomhave () secureconsulting net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com/in/btomhave

[ Random Quote: ]
"Perhaps in time the so-called Dark Ages will be thought of as including our own."
Georg Christoph Lichtenberg
-- Rohit Sethi Security Compass http://www.securitycompass.com twitter: rksethi
Current thread:
- Towards framework security Rohit Sethi (Mar 12)
- Re: Towards framework security Benjamin Tomhave (Mar 14)
- Re: Towards framework security Rohit Sethi (Mar 14)
- Re: Towards framework security Benjamin Tomhave (Mar 14)