[seam-dev] Adding a security audit to the Seam QA (release) process

Wednesday, 1 October 2008

Hi Marc,

Something that we've been discussing is the idea creating a security  
audit checklist that will cover Seam and the ways it interacts with  
the outside world; initially, we want to focus on JSF, Seam Remoting  
(Ajax) and Servlet but we will also consider adding in WS including  
JAX-RS, Wicket, GWT and perhaps others, though these are what I can  
think off. This checklist would then be added to the Seam QA process  
(which is run through at release time).

We were wondering if you would be able to work with us on this? My  
suggestion is, that as you (I hope ;-) have a good understanding of  
the general approaches that could be used to exploit a Seam that you  
would be to work with us both on an initial list of areas to focus on,  
and then help us develop the checklist.

Let us know :)

Pete

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

[seam-dev] Adding a security audit to the Seam QA (release) process