Struts 2 Must Die - The Life and Inevitable Death of Java’s Spaghettiest Framework

Dive into a critical analysis of the Struts 2 Java framework in this 20-minute conference talk from OWASP Global AppSec Tel Aviv. Explore the evolution of Struts 2 from a modern framework to a security liability, examining its architectural flaws and the challenges of removing it from production environments. Investigate the OGNL swamp, follow the cat-and-mouse game between developers and security researchers, and uncover the prerequisites for exploiting the framework. Learn about Struts vulnerabilities, injection points, and payload construction. Understand why applications initially appear safe and the implications for security teams. Gain valuable insights into application security and the importance of framework evaluation from Eugene Rojavski, an experienced Application Security Researcher at Checkmarx.