[Owasp-leaders] Struts2 security gap analysis

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Tue Apr 14 15:09:28 EDT 2009


All,
 
Over the last month or so, the Intrinsic Security Working Group (ISWG) has been performing a gap analysis of Struts2. The purpose of the work was not to find vulnerabilities in Struts2, but rather to find out how easy or possible it is to write a secure application within the framework.
 
Here is the draft which has been barely proofread. We're looking for comments, flames, etc.:
 
http://i8jesus.com/stuff/A%20Gap%20Analysis%20of%20Application%20Security%20in%20Struts2%20-%20DRAFT.doc
 
We're hoping to publish with feedback by the end of the week.
 
Thanks,
Arshan