Hello CherryPy developers! My name is Craig Younkins. I'm an intern at
OWASP, the Open Web Application Security Project, and this summer I'm
focusing on web security in Python. My mission is to help developers
make more secure applications.

First, I'd like to invite you to a new community -
http://www.pythonsecurity.org/ . I started this community a week ago
as a hub for security in Python.
We're writing articles on security topics and how they pertain to
Python, analyzing the security of software, and providing a forum
where developers can get answers to their security questions. If
you're interested, you can help this blossoming community by
contributing to our wiki.

Second, I'd like to help you, the developers, take a look at
CherryPy. I've created a template page for CherryPy on our wiki
with a number of questions developers can answer that will help
clarify the security of the framework.
http://www.pythonsecurity.org/wiki/cherry-py/
Of course, that page links to the broader security topics including
XSS, CSRF, Cryptography, and more.