Abstract
We will examine the benefits and drawbacks of selecting various software development languages and web application frameworks. In particular, we will consider five of the ten threats outlined in the Open Web Application Security Project (OWASP) Top 10 list of the most critical Web application security flaws [12], and examine the role of three popular Web application frameworks (Ruby on Rails (Ruby), Play Framework (Scala), and Zend Framework 2 (PHP)) in addressing a selection of these major threats. In addition, we will compare the strengths and weaknesses of each Web application framework as they pertain to the implementation of strong security measures. Furthermore, for each framework examined, we will assess how an organization should address these security threats in its software design using its framework of choice. We will suggest the direction in which an organization facing such a decision ought to head, facilitate that decision by assessing the benefits and drawbacks of each framework based on the findings, and encourage the reader to decide what works best for the organization’s technical direction.
Highlights
In October 2014, Drupal, the popular PHP-based open source content management platform, reported multiple exploits of a vulnerability in its database abstraction API, in which carefully crafted requests resulted in the execution of arbitrary SQL statements [18]
As outlined in the Open Web Application Security Project (OWASP) Top 10, there is much more to securing Web applications than addressing three of the more common threats in relation to three corresponding web application frameworks
It is important to recall that most frameworks do not ship with authentication functionality, or any other fully implemented security threat mitigation
Summary
In October 2014, Drupal, the popular PHP-based open source content management platform, reported multiple exploits of a vulnerability in its database abstraction API, in which carefully crafted requests resulted in the execution of arbitrary SQL statements [18]. A selection of these threats is addressed in relation to three Web application frameworks: Ruby on Rails (Ruby) addressing SQL injection; Play Framework (Scala) addressing Security Misconfiguration; and Zend Framework 2 (PHP) addressing Broken Authentication and Session Management. Addressing these top threats in relation to these three frameworks and assessing their strengths and weaknesses may help an organization facing the technical decision of choosing an appropriate software stack.
More From: International Journal of Advanced Computer Science and Applications