Search Software Quality: Framework Support for Building Secure Applications

March 31, 2013
Dan Cornell
Search_software_quality_logo

Search Software Quality published another of my answers to reader questions:

How effective are the application frameworks that offer security support for developers?

You can see my full answer online where I talk about which vulnerabilities frameworks can help guard against (sorry – registration required). For those looking for a quick preview, I talk about:

  • Supporting the creation of secure code versus preventing the creation of bad code
  • Examples of frameworks helping with vulnerabilities like SQL injection, cross-site scripting (XSS) and cross-site request forgery (CSRF)
  • Mozilla’s playdoh framework and its security features

Frameworks definitely have a role to play for teams looking to build secure applications, but they aren’t a cure-all. You have to know what you can expect and plan to take advantage of available features but also understand the limits of what a framework is going to be able to provide.

Contact us for help getting the most out of your development platforms’ security capabilities.

–Dan

dan _at_ denimgroup.com

@danielcornell

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Categories: Information Security Security Programs Web Application Security

Leave a Reply

Your email address will not be published. Required fields are marked *