How secure? very...
This topic is closed

  • How secure? very...

    Not to waste too much bandwidth but...

    I am developing a simple internal web app for my client and was wondering how secure it was. I asked the security gurus to run the battery of tests against the app looking for the typical vulnerabilities (cross site scripting, SQL injection, etc.). When they ran it the only problems were in cross site script injection into my selection (pick lists) inputs. I was validating other input but I wasn't validating the selections (my bad). I hadn't done that because I was providing the selection options via reference data. Anyway, makes sense (from the domain perspective) so I added a basic validation for the selection entries too. When the tools were re-run, everything passes! ACEGI + Spring MVC is pretty iron clad. I'm quite sure a home-grown security/Struts based app wouldn't have fared so well. More than a few heads turned when the results came out. :shock:

    Kudos to the developers/contributors of these two fine frameworks!

  • #2
    Thanks for the positive feedback. It's always nice to hear from people about how the Spring family of projects have been helping them out in real projects.