HI,under http://www.theserverside.com/tt/articles/article.tss?l=AreJavaWebApplicationsSecure is an article covering java WebApps & security; On part 2 it also looks at webframeworks for java including wicket 1.3.x - it mentions
"Wicket has only one component (HiddenField) vulnerable to integrity attacks."
maybe this gap could be closed? Also the rest seems aso quite interesting. Best, Korbinian
