[owasp-intrinsic-security] [Owasp-leaders] Web application framework security comparison

Achim Hoffmann ah at securenet.de
Thu Jan 29 09:45:54 EST 2009

Hi Arshan/All,

I'd agree with Mike's comment that Frameworks are compared with languages.
J2EE is not primarily a framework to build web application, you'd use it
together with with at least one of Struts, Spring (webflow), grails, tapestry, 
etc. etc..

PHP is primarily designed as "web language" but comes with a lot of preinstalled
libraries. So I'm not sure if we call it "language" or "framework".
Anyways, it fits here, IMHO.

Either the matrix should point out that distinction, or other "frameworks"
should be added. It's a bit misleading according the title.

Any thoughts?

On Wed, 28 Jan 2009, Michael Menefee wrote:

!! Arshan/All,
!! I would like to point out the difference between "Framework" and "language".
!! .NET is a framework, classic ASP is a language. PHP is also a language, not a
!! framework. If we want to compare various frameworks, then we need to include
!! specific PHP frameworks such as Cake, Symfony, Zend, etc, and make sure to
!! differentiate languages (such as ASP and PHP) from actual frameworks
!! I would be more than happy to attempt an evaluation of the top 5 PHP frameworks
!! (although there are many more than that now).
!! Mike
-------------- next part --------------
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

More information about the owasp-intrinsic-security mailing list