Document the Spring MVC security vulnerabilities (namely the examples presented at AppSecDC)

[GoogleCodeExporter]

What would you like to see documented?
Spring MVC security issues , how O2 can be used to find them and PoC of 
exploits in Spring's demo 
applications

The reason for this entry is to make sure the response gets tracked since there 
are a number of O2 
users asking this question. For example:

"...Can you give me the details of the two flaws that you found in Spring that 
you presented at 
OWASP. I have a client that attended your presentation and they think that they 
defend against 
these two issues in the way they use Spring and they want us to confirm this, 
but to do so, we’d 
need to understand the details of the issues you found..."

Original issue reported on code.google.com by dinis.cr...@gmail.com on 25 Nov 2009 at 11:35

[GoogleCodeExporter]

Original comment by dinis.cr...@gmail.com on 25 Nov 2009 at 11:35

• Added labels: Type-Documentation
• Removed labels: Documentation-Request

[GoogleCodeExporter]

Working page for Spring MVC security related details on O2's OWASP website: 
http://www.owasp.org/index.php/OWASP_O2_Platform/Spring_Framework/MVC

Original comment by dinis.cr...@gmail.com on 4 Dec 2009 at 12:48