One place to look is in the standard Perl documentation. See perlsec especially, which is all Perl security info. Also look at perltaint. There is security info in the open and exec portions of perlfunc and more in perlopentut. Some of the info in perltrap is security related.
Entire books have been written on the idea of secured programming which might help you formulate your standard. Secure Coding: Principles and Practices is one such book on the topic of writing secure code. Writing Secure Code, Second Edition is another, and some sample material from that is available at this MS Press page for the book (which even includes some Perl info in the examples). Security Forest has books on secure coding rated, including the two above.
brian d foy has online a sample from his book Mastering Perl that deals with security. I'd recommend buying the book if you find it helpful. Other Perl books make some reference to security, too.
There's a tutorial about security of Perl applications at http://www.perlcode.org.
Secure web programming is mentioned at http://advosys.ca/papers/web/61-web-security.html. You might not be doing web programming, but don't forget your application domain has its own security issues no matter the language. Make sure you have standards in place for the application domains, too.
Read up on vulnerabilities and consider how to avoid them. Knowing what you're securing against is one of the best ways to formulate how you're going to secure something.
Above all, remember that untested security is likely very little security at all. Most security errors slip through from a lack of black-box testing of the code at its boundaries. Write tests to check boundary conditions and even completely invalid inputs that are unlikely to occur. Any interface to the user is an interface to a fuzzing tool.
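To put the perlsec and testing advice above together, here is an added example (my own, not code from the original post or from the Perl docs): a small allow-list untainting routine run under taint mode, with Test::More checks on boundary and deliberately invalid inputs. The `validate_filename` name, its 64-character limit, and all sample inputs are constructed for this illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the original post. Run as: perl -T untaint.pl [name]
# (the -T on the shebang line only works when perl is started with -T too).
use strict;
use warnings;
use Test::More;
use Scalar::Util qw(tainted);

# Under -T, anything from outside the program (@ARGV, %ENV, STDIN, file
# reads) is tainted, and perl refuses to pass it to open() for writing,
# system(), exec(), and friends. The only way to untaint is to extract the
# safe part with a regex capture, so the pattern below is an allow-list.
sub validate_filename {
    my ($raw) = @_;
    return undef unless defined $raw;
    # 1 to 64 chars of word characters, dot, dash; no leading dot, so no
    # "..", no "/", no NUL, no shell metacharacters. \A and \z (not ^ and $)
    # so a trailing newline cannot sneak past the check.
    if ($raw =~ m{\A([A-Za-z0-9_-][A-Za-z0-9_.-]{0,63})\z}) {
        return $1;    # a captured substring is untainted
    }
    return undef;
}

# Exercise the boundaries and garbage inputs, not just the happy path.
is( validate_filename('report.txt'), 'report.txt', 'plain name passes through unchanged' );
ok( !defined validate_filename(''),               'empty string rejected' );
ok( !defined validate_filename(undef),            'undef rejected' );
ok( !defined validate_filename('../etc/passwd'),  'path traversal rejected' );
ok( !defined validate_filename("a\0b"),           'embedded NUL rejected' );
ok( !defined validate_filename('rm -rf /;'),      'shell metacharacters rejected' );
ok( !defined validate_filename("x\n"),            'trailing newline rejected' );
ok(  defined validate_filename('a' x 64),         '64 chars accepted (upper bound)' );
ok( !defined validate_filename('a' x 65),         '65 chars rejected (one past the bound)' );

# A real external value carries the taint flag until it passes the capture.
if (@ARGV) {
    my $from_outside = $ARGV[0];
    ok( tainted($from_outside), 'command-line argument is tainted under -T' );
    my $clean = validate_filename($from_outside);
    if (defined $clean) {
        ok( !tainted($clean), 'value returned from the capture is untainted' );
    }
    else {
        pass("input '$from_outside' rejected, so nothing untainted reached the rest of the program");
    }
}

done_testing();
```

The point of the test list is the one the post makes: each `ok` past the first is an input nobody expects in normal use, and those are exactly the cases a fuzzer will find first. Running the script with an argument (`perl -T untaint.pl 'foo;id'`) shows taint mode doing its job on real outside data; without an argument only the constructed cases run.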