Web Framework Security - PowerPoint PPT Presentation

1 / 9
About This Presentation
Title:

Web Framework Security

Description:

Web Framework Security Alex Wehn What Are Frameworks? Web frameworks are software libraries that aim to speed up development Most frameworks include abstractions and ... – PowerPoint PPT presentation

Number of Views:244
Avg rating:3.0/5.0
Slides: 10
Provided by: AlexW151
Category:

less

Transcript and Presenter's Notes

Title: Web Framework Security


1
Web Framework Security
  • Alex Wehn

2
What Are Frameworks?
  • Web frameworks are software libraries that aim to
    speed up development
  • Most frameworks include abstractions and
    automation for common tasks
  • Database Operations
  • Session Management
  • Database Schema Generation
  • Page Generation

3
Why Use a Framework?
  • Frameworks speed up development
  • Frameworks simplify development
  • Frameworks exist for all major web languages
  • Frameworks provide structure
  • Frameworks mitigate many common security
    vulnerabilities

4
Frameworks Provide Structure
  • Frameworks enforce software architectures
  • Most are based on Model View Controller
  • Folder structure and naming conventions are
    usually enforced.
  • Structure helps organize large applications

5
Frameworks Mitigate Security Vulnerabilities
  • SQL Injection
  • Object Relation Model (ORM)
  • Cross Site Request Forgery
  • Automatic XSRF Tokens
  • Cross Site Scripting
  • Security libraries for escaping inputs
  • Access Control
  • Built In Access Control Lists

6
Reasons Against Web Frameworks
  • Enforced structure may be too restrictive or not
    fit the project
  • Frameworks do not protect against all security
    vulnerabilities

7
Security Vulnerabilities in Frameworks
  • Frameworks provide a common codebase that can be
    targeted
  • Features of frameworks may be unused
  • Frameworks give attackers knowledge of how an
    application is constructed

8
Ruby on Rails YAML Flaw
  • Discovered early this year
  • Rails uses YAML for reading configuration files
  • Deserialization of well crafted YAML objects can
    cause arbitrary code to be executed
  • Rails used YAML to implement JSON parsing as well
    as for many other functions

9
Questions?
Write a Comment
User Comments (0)
About PowerShow.com