web2py - A Framework That Cares About Security
A huge round of applause is in order for web2py because they care about security.
The web2py creators clearly kept security in mind from the design phase, and it shows in the end result: web2py is immune to many attacks on session management and routing because those components were designed to resist them.
This underscores an important aspect of security in any application: security cannot be tacked on afterwards; it must be built in from the start. While you can add cryptography or more escaping to an existing application, preventing attacks on sessions or user management may require redesigning those components.
Check out web2py’s page on PythonSecurity.org for more details specific to web2py.