[Owasp-leaders] Struts2 security gap analysis

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Wed Apr 15 15:51:28 EDT 2009


Is anyone working on the equivalent for Spring?

________________________________

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Arshan
Dabirsiaghi
Sent: Tuesday, April 14, 2009 3:09 PM
To: owasp-leaders at lists.owasp.org
Subject: Struts2 security gap analysis


All,
 
Over the last month or so, the Intrinsic Security Working Group (ISWG)
has been performing a gap analysis of Struts2. The purpose of the
work was not to find vulnerabilities in Struts2, but rather to find out
how easy or possible it is to write a secure application within the
framework.
 
Here is the draft which has been barely proofread. We're looking for
comments, flames, etc.:
 
http://i8jesus.com/stuff/A%20Gap%20Analysis%20of%20Application%20Security%20in%20Struts2%20-%20DRAFT.doc
 
We're hoping to publish with feedback by the end of the week.
 
Thanks,
Arshan