[Owasp-leaders] Struts2 security gap analysis

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Wed Apr 15 15:51:28 EDT 2009

Is anyone working on the equivalent for Spring?


From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Arshan
Sent: Tuesday, April 14, 2009 3:09 PM
To: owasp-leaders at lists.owasp.org
Subject: Struts2 security gap analysis

Over the last month or so, the Intrinsic Security Working Group (ISWG)
has been performing a gap analysis of the Struts2. The purpose of the
work was not to find vulnerabilities in Struts2, but rather to find out
how easy or possible it is to write a secure application within the
Here is the draft which has been barely proofread. We're looking for
comments, flames, etc.:
We're hoping to publish with feedback by the end of the week.
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information.  If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited.  If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090415/b2e3a2eb/attachment.html 

More information about the OWASP-Leaders mailing list