[OWASP-GUIDE] Status of the Guide v2

Adrian Wiesmann awiesmann at swordlord.org
Sun May 9 17:39:39 EDT 2004

> Here's the breakdown:
> Java		the majority of my reviews overall. 
> ASP.NET	most of my reviews in 2004 outright
> ASP		most of my reviews in 2003*

This is actually what I expect to get from the question on the webappsec

> 1 Cold Fusion == second worst result on any of my code reviews (2002)

Rotflmao. There is that function somewhere in ColdFusion which makes all
these servers crash when my browser does not identify itself :)

> I think if we cover the major ones, particularly J2EE 1.4, ASP and .NET,
> we will have the commercial side covered for > 95% of all cases. Add PHP
> (which is an absolute nightmare to get right), and that is a goodly slab
> of open source land (the old LAMP ready to blow). 

Complete ACK. Except that ASP = (vbscript | jscript) & scriptinghost &

Which would make my list from a mail before to this:

- Java (JSP, Servlets, Struts...)
- .NET (C#...)
- Scripting (PHP, ASP, ...)


