<p>When creating a web project, whether large or small, the process of selecting the underlying platform is an art. Although most developers, web architects, and stakeholders are generally aware of the security necessities, security is often the last item on their long list of daily priorities.</p><p>It must be stressed to development teams that the choice of platform, language and framework can have profound implications regarding the security of the final product.</p><p>A new project must first start by selecting a language and then a framework. Oftentimes an organization will standardize on one language, such as "pure Java EE" or "pure .NET"; however, it is common that larger organizations will have a wider range depending on their mix of off-the-shelf software, remnants of inherited technologies and code written by outsourced companies. On top of this, the mobile world is forcing most organizations to have a smattering of additional technologies to support the ever-growing litany of popular, must-have devices, and with all of this to digest, the importance of the right foundation often gets lost in translation.</p><p>Platform and framework decisions are often based on multiple variables such as in-house talent pool, approved technology stacks, availability and price of developers, and cost of licenses, but what is often not considered is the inherent security of the platform. While some do have built-in protection, such as the ASP.NET platform that protects against XSS, CSRF and SQL Injection, along with vetted security controls to simplify authentication, access control and a number of other risk-prone areas, others such as PHP have either very little or none at all, depending on the framework.
In order to make the right decision for the project, it is necessary to factor in additional research on security controls or training on navigating built-in controls before a project even starts.</p><p><a href="http://blogs.computerworld.com/application-security/21545/security-why-choosing-frameworks-platforms-and-language-matter">Keep reading...</a></p>