WebApp Sec mailing list archives
Re: J2EE Application Security Code Review
From: Yousef Syed <yousef.syed () gmail com>
Date: Tue, 1 Nov 2005 17:23:16 +0000
Thanks to everyone for their help on this.

ys

On 31/10/05, Dean H. Saxe <dean () fullfrontalnerdity com> wrote:
> Jeff,
>
> As usual, I agree with you 100%! But, there is one more thing to add:
>
> Whenever I see a development group devise their own framework for web applications I get worried. (I'm not talking about the one we did for CF5, since nothing better existed at the time!) I cannot tell you how many Java apps I reviewed in the last few months that have implemented some half-baked (there was another, less kind word in there in the first draft!) version of Struts or other MVC-like frameworks. YUCK! That always raises a red flag.
>
> -dhs
>
> Dean H. Saxe, CEH
> dean () fullfrontalnerdity com
> "Great spirits have often encountered violent opposition from weak minds." --Einstein

-- Yousef Syed