Hi Craig,

You may also want to ask some questions about form validation, default validators and directory traversal attacks in file uploads.

Massimo

On 29 Jun, 11:08, Craig Younkins <cyounk...@gmail.com> wrote:
> Hello there! My name is Craig Younkins. I'm a summer intern at OWASP, the Open Web Application Security Project. This summer I'm working heavily on web security in Python.
>
> First, I would like to praise Dr. Di Pierro and all the web2py contributors for their focus on security. Examining the OWASP Top 10 (http://www.web2py.com/examples/default/security) is a great way to start. Keep it up!
>
> Second, I'd like to invite the web2py community over to a site I've started about security in Python - http://www.pythonsecurity.org. The site aims to be the central hub for security in Python, and right now has a focus on web security. Inside there are articles specific to software like frameworks as well as articles related to security topics like cross-site scripting. We also have a Google Group (http://groups.google.com/group/python-security/topics) which I encourage the developers to join. There you can get answers to your Python security questions. I hope you check it out!
>
> Lastly, I'd like to encourage you to take a look at web2py's page on PythonSecurity.org - http://www.pythonsecurity.org/wiki/web2py/. I haven't had the time yet to examine web2py in detail, but on that page there is a pretty well-defined template of questions to be answered. Going through the list there will help the developers see areas in web2py that could use improvement, as well as documenting the strengths for other frameworks to model off of.
>
> Thanks!
>
> Craig Younkins
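The directory traversal question Massimo raises for file uploads, as an added illustration that is not from this thread and not web2py's own upload code: the vulnerable pattern joins the client-supplied filename straight onto the upload directory, while the hardened version keeps only the last path component, restricts the character set, and re-checks that the resolved path is still inside the upload directory. The function names, the `uploads` directory and the sample filenames are all assumptions made for this example.

```python
import os
import re

# Directory the server writes uploads into (assumed for this example).
UPLOAD_DIR = os.path.abspath("uploads")

# Anything outside a conservative character set gets replaced.
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def naive_upload_path(upload_dir, client_name):
    """The vulnerable pattern: trust the client-supplied name as-is.

    A filename such as "../../etc/passwd" walks out of upload_dir.
    """
    return os.path.abspath(os.path.join(upload_dir, client_name))


def sanitize_filename(client_name):
    """Reduce an attacker-controlled filename to one safe path component.

    Both '/' and '\\' are treated as separators so that "../../etc/passwd"
    and "..\\..\\win.ini" collapse to "passwd" and "win.ini". Leading and
    trailing dots and spaces are stripped, so "..", "..." and " " become "".
    """
    name = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    name = _UNSAFE_CHARS.sub("_", name).strip(". ")
    return name


def resolve_upload_path(upload_dir, client_name):
    """Return the absolute path to write to, or None if the name is unusable.

    After sanitising, the resolved path is compared against the real upload
    directory as defence in depth (for example if upload_dir itself contains
    a symlink pointing elsewhere).
    """
    name = sanitize_filename(client_name)
    if not name:
        return None
    base = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


if __name__ == "__main__":
    # Constructed sample filenames an attacker might submit.
    for submitted in ["report.pdf", "../../etc/passwd", "..\\..\\win.ini", "..."]:
        print(repr(submitted), "->", naive_upload_path(UPLOAD_DIR, submitted),
              "| safe:", resolve_upload_path(UPLOAD_DIR, submitted))
```

A framework's default validators can enforce the same rule at form level; the point of the check is that the stored filename is derived from the client value, never used verbatim.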