Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Comment on

( #3333=superdoc: print w/ replies, xml ) Need Help??
One place to look is in the standard Perl documentation. See perlsec especially, which is all Perl security info. Also look at perltaint. There is security info in the open, system, and exec portions of perlfunc and more in perlopentut. Some of the info in perltrap is security related.

Entire books have been written on the idea of secured programming which might help you formulate your standard. Secure Coding: Principles and Practices is one such book on the topic of writing secure code. Writing Secure Code, Second Edition is another, and some sample material from that is available at this MS Press page for the book (which even includes some Perl info in the examples). Security Forest has books on secure coding rated, including the two above.

brian d foy has online a sample from his book Mastering Perl that deals with security. I'd recommend buying the book if you find it helpful. Other Perl books make some reference to security, too.

There's a tutorial about security of Perl applications at http://www.perlcode.org.

Secure web programming is mentioned at http://advosys.ca/papers/web/61-web-security.html. You might not be doing web programming, but don't forget your application domain has its own security issues no matter the language. Make sure you have standards in place for the application domains, too.

Read up on vulnerabilities and consider how to avoid them. Knowing what you're securing against is one of the best ways to formulate how you're going to secure something.

Above all, remember that untested security is likely very little security at all. Most security errors slip through from a lack of black-box testing of the code at its boundaries. Write tests to check boundary conditions and even completely invalid inputs that are unlikely to occur. Any interface to the user is an interface to a fuzzing tool.


In reply to Re: Secure Perl Coding Standards by mr_mischief
in thread Secure Perl Coding Standards by Binford

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • Outside of code tags, you may need to use entities for some characters:
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others exploiting the Monastery: (11)
    As of 2014-07-30 15:47 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      My favorite superfluous repetitious redundant duplicative phrase is:









      Results (235 votes), past polls