
Security Vulnerabilities in the Spring Framework Model View Controller

Authors:
Ryan Berg, Co-Founder and Chief Scientist, Ounce Labs
Dinis Cruz, Director of Advanced Research, Ounce Labs

Ounce Labs’ Advanced Research Team (ART) has documented two vulnerabilities in the commonly used Spring Framework, which is used to create dynamic, robust, highly scalable Web applications in Java. Unlike common application vulnerabilities that can expose Web applications to cross-site scripting or SQL injection attacks, this newly discovered class of vulnerabilities consists not of security flaws within the Framework but of design issues that, if not implemented properly, expose business-critical applications to attacks. The right security awareness in the design and testing phases of applications using the Framework can protect enterprises from exploitation after deployment.

This white paper features:

  • Detailed analysis of the identified security issues
  • A Case Study demonstrating the real-world potential impact
  • Detailed recommendations on how to avoid the security risks associated with these vulnerabilities
