Posted to dev@struts.apache.org by Erlend Oftedal <er...@oftedal.no> on 2009/05/05 08:44:30 UTC

A gap analysis of application security in struts2

Hi

Arshan Dabirsiaghi from OWASP has published a gap analysis of application
security in Struts2. The full report can be found here:
http://www.owasp.org/images/b/be/A_Gap_Analysis_of_Application_Security_in_Struts2.pdf

Best regards
Erlend Oftedal

-- 
View this message in context: http://www.nabble.com/A-gap-analysis-of-application-security-in-struts2-tp23381919p23381919.html
Sent from the Struts - Dev mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Re: A gap analysis of application security in struts2

Posted by Philip Luppens <ph...@gmail.com>.
On Tue, May 5, 2009 at 8:44 AM, Erlend Oftedal <er...@oftedal.no> wrote:
>
> Hi
>
> Arshan Dabirsiaghi from OWASP has published a gap analysis of application
> security in Struts2. The full report can be found here:
> http://www.owasp.org/images/b/be/A_Gap_Analysis_of_Application_Security_in_Struts2.pdf

Very interesting, but as it was already pointed out in the report:
Struts 2 does not provide 90% of the functionality because it was
chosen not to - we try to provide a flexible architecture where every
other framework can be plugged in for every aspect of the application
- be it validation, security, object instantiation, binding, etc.

Other than that, an interesting read, and some good recommendations.
Definitely something that should be kept in mind when looking at the
security aspects.

Phil

>
> Best regards
> Erlend Oftedal
>



-- 
"We cannot change the cards we are dealt, just how we play the hand."
- Randy Pausch