Hello there! My name is Craig Younkins. I'm a summer intern at OWASP,
the Open Web Application Security Project. This summer I'm working
heavily on web security in Python.

First, I would like to praise Dr. Di Pierro and all the web2py
contributors for their focus on security. Examining the OWASP Top 10
(http://www.web2py.com/examples/default/security) is a great way to
start. Keep it up!

Second, I'd like to invite the web2py community over to a site I've
started about security in Python - http://www.pythonsecurity.org . The
site aims to be the central hub for security in Python, and right now
has a focus on web security. Inside there are articles specific to
software like frameworks as well as articles related to security
topics like cross-site scripting. We also have a Google Group
(http://groups.google.com/group/python-security/topics) which I
encourage the developers to join. There you can get answers to your
Python security questions. I hope you check it out!

Lastly, I'd like to encourage you to take a look at web2py's page on
PythonSecurity.org - http://www.pythonsecurity.org/wiki/web2py/ . I
haven't had the time yet to examine web2py in detail, but on that page
there is a pretty well-defined template of questions to be answered.
Going through the list there will help the developers see areas in
web2py that could use improvement, as well as documenting the
strengths for other frameworks to model off of.

Thanks!

Craig Younkins
