How effective are the application frameworks that offer security support for developers?
You can see my full answer online where I talk about which vulnerabilities frameworks can help guard against (sorry – registration required). For those looking for a quick preview, I talk about:
- Supporting the creation of secure code versus preventing the creation of bad code
- Examples of frameworks helping with vulnerabilities like SQL injection, cross-site scripting (XSS) and cross-site request forgery (CSRF)
- Mozilla’s playdoh framework and its security features
Frameworks definitely have a role to play for teams looking to build secure applications, but they aren’t a cure-all. You have to know what to expect from a framework and plan to take advantage of its available features, while also understanding the limits of what it can provide.
dan _at_ denimgroup.com