Lukasz Lenart is a programmer by passion; programming was always his hobby, until it became a commercial activity. He believes that a good programmer should not be dependent on a language, but should rather look to the future and try various languages and technologies, depending on requirements - today it is Java, and what will it be in 10 years? He can develop just as well in PHP, C#, Borland Delphi, etc. What is essential is that it brings him pleasure. Privately a husband and father, a homebody who likes to read books and appreciates peace of mind! Socialist in beliefs, capitalist in action ;-)
How secure your web framework is?
In this talk I would like to present a few recently discovered security vulnerabilities in the Apache Struts 2 web framework and, based on that, try to increase developers' awareness of overall application security. In my opinion, nowadays developers don’t care about security too much; they depend on what the framework gives them. Quite often, they don’t even check security bulletins to see whether a new vulnerability has been discovered recently in their famous framework. I would like to show a few web attacks and explain how it was possible to harm an application or even an entire server, how to prevent such attacks in the future, and so on. The examples will be based on Apache Struts 2, but almost all the same problems were pointed out in Spring MVC or in Apache Wicket. Each framework has its own weaknesses :-)