A few months ago we released the first version of the Secure Web Application Framework Manifesto: a set of requirements intended to guide web application framework developers in making more secure web application frameworks from the start.
Today we’re pleased to announce our next draft of the manifesto. We’ve reformatted the requirements according to much of the feedback we’ve received.
Check it out: Secure Web Application Framework Manifesto v0.08
We need your help – for some of the requirements in the manifesto we couldn’t find easily find examples of frameworks already fulfilling that requirement. Know of any? Please email us at labs [ a t ] securitycompass.com! As always, we appreciate any feedback you may have. Once we’ve collected the responses from this draft we’ll turn it into an OWASP project!
Edit: Many people helped shape the contents of this document. We have an acknowledgements section inside of the doc but would like to explicitly thank the following people for their ideas and/or support:
- Arshan Dabirsiaghi and the OWASP Intrinsic Security Working Group
- James Landis
- Jim Manico
- Dinis Cruz
- James McGovern
- Paco Hope
- Paul Johnston