From Leopold.Zyka at ama.gv.at Fri Jun 10 08:56:32 2016 From: Leopold.Zyka at ama.gv.at (Zyka Leopold) Date: Fri, 10 Jun 2016 08:56:32 +0000 Subject: [Owasp-codereview] Code Review Guide 2.0 alpha release Message-ID: <53666E4D4710D745A839EE0A062625AF53D88E48@MSMX1.amadom.ama.at> Dear code review team, I am not sure if this ist he right place for my questions. In our Javaapplication we use Wicket as the webframework. I have two questions: 1) Apache Wicket Using Checkmarx for static code analysis brought up the question how secure is Apache Wicket ? 2) NginX We moved from Tomcat to Jetty which is covered in the document. We also moved from IIS (in front) to NginX ? Will there be a chapter about NginX ? regards, Leopold Der Austausch von Nachrichten mit o.a. Absender via E-Mail dient ausschlie?lich Informationszwecken und ist rechtlich nicht bindend. -------------- next part -------------- An HTML attachment was scrubbed... URL: From larry.conklin at owasp.org Fri Jun 10 12:36:16 2016 From: larry.conklin at owasp.org (Larry Conklin) Date: Fri, 10 Jun 2016 08:36:16 -0400 Subject: [Owasp-codereview] Code Review Guide 2.0 alpha release In-Reply-To: <53666E4D4710D745A839EE0A062625AF53D88E48@MSMX1.amadom.ama.at> References: <53666E4D4710D745A839EE0A062625AF53D88E48@MSMX1.amadom.ama.at> Message-ID: Leopold, In this release nginX will not be covered. As far as vulnerabilities in nginx goes you can refer to http://nginx.org/en/security_advisories.html Apache Wicket news page does describe two vulnerabilities. https://wicket.apache.org/#news Larry Conklin, CISSP On Fri, Jun 10, 2016 at 4:56 AM, Zyka Leopold wrote: > Dear code review team, > > > > I am not sure if this ist he right place for my questions. > > In our Javaapplication we use Wicket as the webframework. > > > > I have two questions: > > > > 1) Apache Wicket > Using Checkmarx for static code analysis brought up the question how > secure is Apache Wicket ? > > 2) NginX > > We moved from Tomcat to Jetty which is covered in the > document. > We also moved from IIS (in front) to NginX > > ? Will there be a chapter about NginX ? > > > > regards, > > Leopold > > > > Der Austausch von Nachrichten mit o.a. Absender via E-Mail dient > ausschlie?lich Informationszwecken und ist rechtlich nicht bindend. > > > > _______________________________________________ > Owasp-codereview mailing list > Owasp-codereview at lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-codereview > > -------------- next part -------------- An HTML attachment was scrubbed... URL: