[Owasp-leaders] Web application framework security comparison

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Wed Jan 28 13:31:56 EST 2009


Thanks!
 
I initially had one, but it was not a fair comparison. ESAPI is a security framework, which frankly should contain all of the things we are looking for, but it doesn't actually provide a framework for building web applications. The purpose is to give people picking technologies what frameworks will provide them with the most opportunity for security out of the box, and putting ESAPI in there made it look like a product promo.
 
I think if we had .NET w/ ESAPI and J2EE w/ ESAPI columns that would be fair. It would be an easy way to track how ESAPI is maintaining synchronicity across versions, but maybe on a separate sheet.
 
Arshan

________________________________

From: owasp-leaders-bounces at lists.owasp.org on behalf of Goldschmidt, Cassio
Sent: Wed 1/28/2009 11:08 AM
To: owasp-leaders at lists.owasp.org
Cc: owasp-intrinsic-security at lists.owasp.org
Subject: Re: [Owasp-leaders] Web application framework security comparison


This is really helpful Arshan and team! Should we also add a column to the matrix for ESAPI?
 
Thanks,
Cassio


On Wed, Jan 28, 2009 at 7:41 AM, Arshan Dabirsiaghi <arshan.dabirsiaghi at aspectsecurity.com> wrote:


	All,
	 
	Thanks to those of you who made it out to Portugal for the EU Summit. One of our working sessions was focused on creating a consumer report on the security provided by web application frameworks. After some huge initial draft work there, I'm happy to have a beta ready. Of course maintaining this will be a moving target, but right now I'm soliciting a last call for comments and suggestions before making it available to the world at large.
	 
	The key is on the spreadsheet. Ideally I would like every tuple that's not "No Plans" to have a supporting comment or link. If you can provide one or can argue for a different value for any tuple, please get back to me soon.
	 
	Thanks to everyone for all your help up to this point - let's get this thing finished so we can get it out to the public. I'm sorry I can't let everyone have edit privileges, but I had to make a million reverts when I did that before because I wasn't clear enough with my goals for the spreadsheet, so please just email me and the group your suggestions!
	 
	http://spreadsheets.google.com/pub?key=pWqXgSu_wNm-GkSPgOGyOWQ
	 
	Cheers,
	Arshan


