Susan, the CTO of a software company, asks the security team for advice on Struts. She understands that a security review of Struts requires not only domain knowledge of the framework but also knowledge of the threats specific to it. Because identifying Struts security issues calls for automated code scanning, whitebox review, secure configuration review, and blackbox testing with malicious payloads, the security team proposed the following review approaches, together with industry-practice resources. The purpose of this case study is not to give a comprehensive Struts security review guide but to demonstrate how to carry out a framework-specific security whitebox review for Struts.
Susan and the security team discuss possible review approaches and also deliver a Struts security checklist to the project team as a code review baseline...
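As an added example of the "secure configuration review" item in the checklist above (this is illustrative code, not part of the case study or of Struts itself), the following script parses a `struts.xml` file and flags two well-known Struts 2 constants when they are switched on: `struts.devMode` and `struts.enable.DynamicMethodInvocation`. The sample configuration is constructed for the example; the set of constants checked is an assumption and is far shorter than a real checklist would be.

```python
"""Minimal struts.xml secure-configuration check (added example, not project code)."""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constants a Struts 2 configuration review commonly flags when set to "true".
# Assumption: the list is deliberately short; a real checklist covers more settings.
RISKY_CONSTANTS: Dict[str, str] = {
    "struts.devMode": "development mode exposes debugging behaviour and must be off in production",
    "struts.enable.DynamicMethodInvocation": "dynamic method invocation widens the set of reachable action methods",
}


def collect_constants(xml_text: str) -> Dict[str, str]:
    """Return {constant name: normalised value} for every <constant> element."""
    root = ET.fromstring(xml_text)
    constants: Dict[str, str] = {}
    for const in root.iter("constant"):
        name = const.get("name", "").strip()
        value = (const.get("value") or "").strip().lower()
        if name:
            constants[name] = value  # later declarations override earlier ones
    return constants


def review_struts_config(xml_text: str) -> List[Dict[str, str]]:
    """Flag risky constants that are explicitly enabled in the given struts.xml text.

    A constant that is absent is not flagged here, because its default differs
    between Struts versions; the reviewer should check the version's own default.
    """
    constants = collect_constants(xml_text)
    findings: List[Dict[str, str]] = []
    for name, reason in RISKY_CONSTANTS.items():
        if constants.get(name) == "true":
            findings.append({"constant": name, "value": constants[name], "reason": reason})
    return findings


# Constructed sample configuration with both risky settings enabled.
SAMPLE_RISKY_XML = """<?xml version="1.0" encoding="UTF-8"?>
<struts>
    <constant name="struts.devMode" value="true"/>
    <constant name="struts.enable.DynamicMethodInvocation" value="true"/>
    <constant name="struts.action.extension" value="action"/>
    <package name="default" extends="struts-default">
        <action name="hello" class="example.HelloAction"/>
    </package>
</struts>
"""

# Constructed sample configuration with the same settings explicitly disabled.
SAMPLE_CLEAN_XML = """<?xml version="1.0" encoding="UTF-8"?>
<struts>
    <constant name="struts.devMode" value="false"/>
    <constant name="struts.enable.DynamicMethodInvocation" value="false"/>
</struts>
"""

if __name__ == "__main__":
    for label, xml in (("risky", SAMPLE_RISKY_XML), ("clean", SAMPLE_CLEAN_XML)):
        print(f"[{label}]")
        for finding in review_struts_config(xml) or [{"constant": "-", "value": "-", "reason": "no findings"}]:
            print(f"  {finding['constant']}={finding['value']}: {finding['reason']}")
```

The check runs offline against a file on disk or text from a repository, so it fits naturally into the automated part of the review; the whitebox reviewer still has to confirm the effective defaults for the Struts version in use, which is why absent constants are reported as nothing rather than as safe.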