
Web Framework Security

Web Framework Security. Alex Wehn. What Are Frameworks? Web frameworks are software libraries that aim to speed up development. Most frameworks include abstractions and automation for common tasks: database operations, session management, database schema generation, page generation.

zoe-diaz

Presentation Transcript


  1. Web Framework Security Alex Wehn

  2. What Are Frameworks?
     • Web frameworks are software libraries that aim to speed up development
     • Most frameworks include abstractions and automation for common tasks
       • Database Operations
       • Session Management
       • Database Schema Generation
       • Page Generation

  3. Why Use a Framework?
     • Frameworks speed up development
     • Frameworks simplify development
     • Frameworks exist for all major web languages
     • Frameworks provide structure
     • Frameworks mitigate many common security vulnerabilities

  4. Frameworks Provide Structure
     • Frameworks enforce software architectures
     • Most are based on Model View Controller
     • Folder structure and naming conventions are usually enforced
     • Structure helps organize large applications

  5. Frameworks Mitigate Security Vulnerabilities
     • SQL Injection
       • Object-Relational Mapping (ORM)
     • Cross Site Request Forgery
       • Automatic XSRF Tokens
     • Cross Site Scripting
       • Security libraries for escaping inputs
     • Access Control
       • Built-In Access Control Lists

  6. Reasons Against Web Frameworks
     • Enforced structure may be too restrictive or not fit the project
     • Frameworks do not protect against all security vulnerabilities

  7. Security Vulnerabilities in Frameworks
     • Frameworks provide a common codebase that can be targeted
     • Features of frameworks may be unused
     • Frameworks give attackers knowledge of how an application is constructed

  8. Ruby on Rails YAML Flaw
     • Discovered early this year
     • Rails uses YAML for reading configuration files
     • Deserialization of well-crafted YAML objects can cause arbitrary code to be executed
     • Rails used YAML to implement JSON parsing as well as for many other functions

  9. Questions?
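
The YAML deserialization risk from slide 8, shown as an added Ruby example (not code from the presentation or from Rails): a tagged document makes a permissive loader build an object of a class the document names, while `YAML.safe_load` rejects it. The class `AccountFlag`, the two sample documents and the helper names `load_legacy` and `load_untrusted` are constructed for illustration.

```ruby
require 'yaml'

# Hypothetical application class, standing in for any class loaded in the process.
class AccountFlag
  attr_reader :admin
end

# Constructed sample inputs.
# TAGGED_DOC names a Ruby class in its tag; PLAIN_DOC is ordinary data.
TAGGED_DOC = "--- !ruby/object:AccountFlag\nadmin: true\n"
PLAIN_DOC  = "---\nname: alice\nroles:\n  - reader\n"

# Permissive loading: the parser instantiates whatever class the document
# names and sets its instance variables from the document's keys.
# On Psych 4 and later YAML.load is already restricted, so the permissive
# behaviour is only reachable through YAML.unsafe_load.
def load_legacy(text)
  if YAML.respond_to?(:unsafe_load)
    YAML.unsafe_load(text)
  else
    YAML.load(text)
  end
end

# Hardened loading for untrusted input: only plain scalars, arrays and
# hashes are allowed; class tags and aliases are refused.
def load_untrusted(text)
  YAML.safe_load(text, permitted_classes: [], permitted_symbols: [], aliases: false)
rescue Psych::DisallowedClass, Psych::BadAlias => e
  raise ArgumentError, "rejected YAML: #{e.class}"
end

if $PROGRAM_NAME == __FILE__
  obj = load_legacy(TAGGED_DOC)
  puts "permissive load built: #{obj.class} admin=#{obj.admin.inspect}"
  puts "safe load of plain data: #{load_untrusted(PLAIN_DOC).inspect}"
  begin
    load_untrusted(TAGGED_DOC)
  rescue ArgumentError => e
    puts "safe load of tagged data: #{e.message}"
  end
end
```

Any parser path that reaches a permissive YAML load with request data, including JSON or XML handlers that delegate to YAML internally, needs the same restriction.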
