
Framed! Security-patching Common Web Development Frameworks



Registration | Hotel | Walter E. Washington Convention Center

The presentation

Developers don’t write insecure code on purpose; they simply work with the tools they’re given to deliver functional web applications. More and more often, developers rely on pre-built development frameworks (such as JSF, Struts, Spring, DWR, etc.) which are not built to be secure, thus allowing for insecure applications. The purpose of this project and discussion is to determine which frameworks are most in need of attention (and how we can identify those), and then decide how to proceed with patching these frameworks upstream in the code, so that it’s easier for a developer to write secure applications than not. We will discuss which frameworks are in most need of attention, the project charter and direction, participation and other project-related items.

The Panel

Rafal Los

Bio posted shortly.

Josh Abraham

Joshua “Jabra” Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, The SANS Pentest Summit, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media regarding Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading and SC Magazine.
