Code Reviewing Web Application Framework Based Applications (Struts 2, Spring MVC, Ruby on Rails (Groovy on Grails), .NET MVC)

Presented at Black Hat USA 2012, Unknown date/time (Unknown duration)

This workshop will give participants an opportunity to practically review Web Application Framework based applications for security vulnerabilities. The material in this workshop provides the hands-on experience that one would need to quickly understand each web application framework (Struts 2, Spring MVC, Ruby on Rails (Groovy on Grails), .NET MVC, Zend PHP, and Scala Play) and identify vulnerabilities in applications using those frameworks. Sample applications are provided with guided tasks to ease participants into understanding the nuances of each framework and the overall steps a code reviewer should follow to identify vulnerabilities.