Difference between revisions of "Perl"

From OWASP
Line 1: Line 1:
This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.
+
This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.  
  
It is perhaps odd that this page is so new:
+
It is perhaps odd that this page is so new:  
# Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
+
# It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.
+
  
==Possible perl OWASP projects==
+
#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.  
# Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
+
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.
# Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
+
# A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].
+
  
==Perl resources==
+
== Possible perl OWASP projects ==
# Perl [http://perldoc.perl.org/perlsec.html security] man page
+
# [http://perlmonks.org Perl Monks]
+
# [http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]
+
  
==Perl modules==
+
#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
===Authentication===
+
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
===Authorization===
+
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].
===HTML validation===
+
 
===Password strength===
+
== Perl resources ==
 +
 
 +
#Perl [http://perldoc.perl.org/perlsec.html security] man page
 +
#[http://perlmonks.org Perl Monks]
 +
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]
 +
 
 +
== Perl modules ==
 +
 
 +
=== Authentication ===
 +
 
 +
Authentication modules will often be framework specific:
 +
 
 +
{| border="1" width="200" cellspacing="1" cellpadding="1"
 +
|+ Perl web frameworks and their security mechanisms
 +
|-
 +
! scope="col" | Framework
 +
! scope="col" | Authentication
 +
! scope="col" | Authorization
 +
|-
 +
| Catalyst
 +
|
 +
|
 +
|-
 +
| CGI::Application
 +
|
 +
|
 +
|-
 +
| Jifty
 +
|
 +
|
 +
|}
 +
 
 +
{|
 +
|+
 +
|}
 +
 
 +
=== Authorization ===
 +
 
 +
=== HTML validation ===
 +
 
 +
=== Password strength ===
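Review bot: the second table added directly after the frameworks table (`{|`, `|+`, `|}`) has an empty caption and no rows, so it contributes nothing to the page and should be dropped. In the frameworks table itself, the Authentication and Authorization cells for Catalyst, CGI::Application and Jifty are all empty, although the sentence introducing it says authentication modules are framework specific; either fill in the module names or mark the cells as still to be done. The table also carries an Authorization column while sitting under the Authentication heading, and the Authorization section below it is left empty, so consider moving the table up under "Perl modules". The carried-over taint-mode sentence still reads "allowed to effect", which should be "affect".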

Revision as of 13:11, 1 July 2010

This page should collect together any resources relating to Perl and OWASP or security in general.

It is perhaps odd that this page is so new:

  1. Perl has long been an open source language and often associated with the internet.
  2. It offers what seems to be a much under-used method of combating many sorts of exploit, namely taint mode. This forces every "input" to the program to be checked for malign influences before it is allowed to affect the "outside" of the program.

Possible Perl OWASP projects

  1. Perl ports of multi-language OWASP projects, for example AntiSamy.
  2. Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.
  3. A Perl module to measure the strength of passwords.

Perl resources

  1. Perl security man page
  2. Perl Monks
  3. Security Issues in Perl Scripts by Jordan Dimov

Perl modules

Authentication

Authentication modules will often be framework specific:

Perl web frameworks and their security mechanisms

| Framework | Authentication | Authorization |
|---|---|---|
| Catalyst | | |
| CGI::Application | | |
| Jifty | | |

Authorization

HTML validation

Password strength