Perl In Secure Web Development
Perl In Secure Web Development
Por Jonathan Worthington Data: quarta-feira, 31 de agosto de 2005 17:40
Duração: 20 minutos Língua: Perl is frequently used in server side web development. Unfortunately,
adequate thought is not always given to preventing a malicious user from
(ab)using the script to access or modify data they should not be able to,
deface the website involved, execute arbitrary code or gather information
useful in mounting other attacks against the system. The talk would
cover a number of common security vulnerabilities along with
suggestions for avoiding them.
MAIN POINTS
Topics covered in the talk would include:
* The importance of validation
* The dangers of "open" - directory traversal, inserting pipes, etc
* SQL Injection - what it is, how to avoid it
* Mail header injection attacks
* Cross site scripting attacks
* Multi-user issues
* Areas where arbitrary code execution could slip in |