Hi all, we've released version 0.08 of the Secure Web Application Framework Manifesto at http://labs.securitycompass.com
This is 2nd public release of the document. Our goal is to provide a list of requirements so that web application frameworks offer more security out of the box. Our next step will be to move this over to an OWASP project, and then to solicit participation from framework developers. If anyone participates in or knows of the developers of the Django or Lift web app frameworks please let me know. As always, we look forward to any suggestions you have. We had a lot of feedback on additional requirements from our previous release. We took the approach of actually reducing the total number of requirements in this release so that we have a greater chance of achieving success with the frameworks. We plan on adding to the requirements in future years. Thanks, -- Rohit Sethi Security Compass http://www.securitycompass.com twitter: rksethi _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________