[Owasp-leaders] Web application framework security comparison

Michael Menefee mmenefee at gmail.com
Wed Jan 28 22:19:53 EST 2009


Arshan/All,

I would like to point out the difference between "Framework" and "language".
.NET is a framework, classic ASP is a language. PHP is also a language, not
a framework. If we want to compare various frameworks, then we need to
include specific PHP frameworks such as Cake, Symfony, Zend, etc, and make
sure to differentiate languages (such as ASP and PHP) from actual frameworks

I would be more than happy to attempt an evaluation of the top 5 PHP
frameworks (although there are many more than that now).

Mike


On Wed, Jan 28, 2009 at 10:41 AM, Arshan Dabirsiaghi <
arshan.dabirsiaghi at aspectsecurity.com> wrote:

>  All,
>
> Thanks to those of you who made it out to Portugal for the EU Summit. One
> of our working sessions was focused on creating a consumer report on the
> security provided by web application frameworks. After some huge
> initial draft work there, I'm happy to have a beta ready. Of course
> maintaining this will be a moving target, but right now I'm soliciting a
> last call for comments and suggestions before making it available to the
> world at large.
>
> The key is on the spreadsheet. Ideally I would like every tuple that's not
> "No Plans" to have a supporting comment or link. If you can provide one or
> can argue for a different value for any tuple, please get back to me soon.
>
> Thanks to everyone for all your help up to this point - let's get this
> thing finished so we can get it out the public. I'm sorry I can't let
> everyone have edit privileges, but I had to make a million reverts when I
> did that before because I wasn't clear enough with my goals for the
> spreadsheet, so please just email me and the group your suggestions!
>
> http://spreadsheets.google.com/pub?key=pWqXgSu_wNm-GkSPgOGyOWQ
>
> Cheers,
> Arshan
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090128/f22cbea4/attachment.html 


More information about the OWASP-Leaders mailing list