[Zope] OWASP Top Ten Most Critical Web Application Security Vulnerabilities

Stacy.Ladnier at noaa.gov
Mon Mar 27 22:35:21 EST 2006


The Web Development Group at our office is currently trying to compose a
white paper addressing the steps Zope, Plone and Python take to ensure
secure web applications, as well as additional steps developers should
take to keep it that way. Current documentation existing on the web does
not seem to specifically address the concerns many of our customers
express. We often find ourselves spending more time defending the
technology and its security than we spend on development itself. We
decided it is time to write a paper to put all concerns and questions to
rest.

The goal we are aiming for is to dig deeper than the current
documentation and work on explaining the intricate details of what makes
each of these technologies secure from attacks and security weaknesses.
As a starting point, we are looking at the top ten critical web
application security vulnerabilities put out by The Open Web Application
Security Project (http://www.owasp.org/documentation/topten.html). 

We are far from being the experts on this subject matter, even though we
try to get a bit closer every day. Any help from the mastermind
developers themselves would be greatly appreciated and only add to the
validity of the white paper. Once the paper is complete, we are willing
to publish it for the communities to use for their own purposes. Please
provide any input or suggestions you have. The more people help, the
better the resulting paper will become.


Stacy Ladnier
Software Engineer/Web Developer
Anteon Corporation

