The Web Development Group at our office is currently trying to compose a white paper addressing the steps Zope, Plone and Python take to ensure secure web applications, as well as additional steps developers should take to keep it that way. Current documentation existing on the web does not seem to specifically address the concerns many of our customers express. We often find ourselves spending more time defending the technology and its security than we spend on development itself. We decided it is time to write a paper to put all concerns and questions to rest.
The goal we are aiming for is to dig deeper than the current documentation and work on explaining the intricate details of what makes each of these technologies secure from attacks and security weaknesses. As a starting point, we are looking at the top ten critical web application security vulnerabilities put out by The Open Web Application Security Project (http://www.owasp.org/documentation/topten.html). We are far from being the experts on this subject matter, even though we try to get a bit closer every day. Any help from the mastermind developers themselves would be greatly appreciated and only add to the validity of the white paper. Once the paper is complete, we are willing to publish it for the communities to use for their own purposes. Please provide any input or suggestions you have. The more people help, the better the resulting paper will become. Stacy Ladnier Software Engineer/Web Developer Anteon Corporation _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )