Toward Secure Web Application Design: Comparative Analysis of Major Languages and Framework Choices

We will examine the benefits and drawbacks in the selection of various software development languages and web application frameworks. In particular, we will consider five of the ten threats outlined in the Open Web Application Security Project (OWASP) Top 10 list of the most critical Web application security flaws [12], and examine the role of three popular Web application frameworks (Ruby on Rails (Ruby), Play Framework (Scala), and Zend Framework 2 (PHP)) in addressing a selection of these major threats. In addition, we will compare the strengths and weaknesses of each Web application framework as it pertains to the implementation of strong security measures. Furthermore, for each framework examined, assess how an organization should address these security threats in their software design utilizing their framework of choice. We will suggest the direction in which an organization facing such a decision ought to head; moreover, facilitate such a decision by assessing the benefits and drawbacks of each, based on the findings; and encourage one to decide what works best for the organization’s technical direction.