WebApp Sec mailing list archives
Re: J2EE Application Security Code Review
From: Yousef Syed <yousef.syed () gmail com>
Date: Tue, 1 Nov 2005 17:23:16 +0000
Thanks to everyone for their help on this.
ys

On 31/10/05, Dean H. Saxe <dean () fullfrontalnerdity com> wrote:
Jeff,
As usual, I agree with you 100%! But, there is one more thing to add:
Whenever I see a development group devise their own framework for web
applications I get worried. (I'm not talking about the one we did
for CF5, since nothing better existed at the time!) I cannot tell
you how many Java apps I reviewed in the last few months that have
implemented some half-baked (there was another, less kind word in
there in the first draft!) version of Struts or other MVC-like
frameworks. YUCK! That always raises a red flag.
-dhs
Dean H. Saxe, CEH
dean () fullfrontalnerdity com
"Great spirits have often encountered violent opposition from weak
minds."
--Einstein
-- Yousef Syed
