On Tue, May 5, 2009 at 8:44 AM, Erlend Oftedal <[email protected]> wrote:
>
> Hi
>
> Arshan Dabirsiaghi from OWASP has published a gap analysis of application
> security in Struts2. The full report can be found here:
> http://www.owasp.org/images/b/be/A_Gap_Analysis_of_Application_Security_in_Struts2.pdf

Very interesting, but as it was already pointed out in the report: Struts 2 does not provide 90% of the functionality because it was chosen not to - we try to provide a flexible architecture where every other framework can be plugged in for every aspect of the application - be it validation, security, object instantiation, binding, etc.

Other than that, an interesting read, and some good recommendations. Definitely something that should be kept in mind when looking at the security aspects.

Phil

>
> Best regards
> Erlend Oftedal
>
> --
> View this message in context:
> http://www.nabble.com/A-gap-analysis-of-application-security-in-struts2-tp23381919p23381919.html
> Sent from the Struts - Dev mailing list archive at Nabble.com.

--
"We cannot change the cards we are dealt, just how we play the hand." - Randy Pausch
