Security Pitfalls in Stripes Web Applications
The Stripes framework (www.stripesframework.org) is a Java web presentation framework that aims to ease the creation of Java-based web applications by favouring defaults over verbose configuration and by providing a single backing bean for both properties and methods. This paper covers Stripes version 1.5.1 from www.stripesframework.org. It exposes a number of potential security weaknesses that should be included in a comprehensive Web Application Security Assessment, but it should not be regarded as a complete methodology for assessing the security of Stripes-based web applications. For a complete methodology, consult the OWASP Testing Guide.