YAPC::EU::2005

Perl In Secure Web Development

By Jonathan Worthington
Date: Wednesday, 31 August 2005 17:40
Duration: 20 minutes
Language:


Perl is frequently used in server-side web development. Unfortunately,
adequate thought is not always given to preventing a malicious user from
(ab)using the script to access or modify data they should not be able to,
deface the website involved, execute arbitrary code or gather information
useful in mounting other attacks against the system. The talk would
cover a number of common security vulnerabilities along with
suggestions for avoiding them.

MAIN POINTS
Topics covered in the talk would include:
* The importance of validation
* The dangers of "open" - directory traversal, inserting pipes, etc.
* SQL Injection - what it is, how to avoid it
* Mail header injection attacks
* Cross-site scripting attacks
* Multi-user issues
* Areas where arbitrary code execution could slip in
