Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re: Re: Guide to Building Secure Web Applications and Web Services

by cjf (Parson)
on Jun 27, 2002 at 10:47 UTC ( #177675=note: print w/replies, xml ) Need Help??


in reply to Re: Guide to Building Secure Web Applications and Web Services
in thread Guide to Building Secure Web Applications and Web Services

This is the bomb and will now form the basis of my new security policy

If you're writing security policies you may also find The SANS Security Policy Project helpful. They currently have 25 example policies on everything from acceptable encryption use to wireless communication.

It is possibly missing stuff on LDAP but from their future developments I look forward to the next release.

There's some information here about what they're planning for future releases. I'm sure they're also open to suggestions for new sections and/or expanded coverage of current sections. If anyone's interested they don't currently have Perl listed under the upcoming language security parts either.

The name seems slightly misleading as this stuff does not just apply to open source programming.

I believe the 'Open' in OWASP refers to the fact they're releasing both the guide and their software under open source licenses. All the suggestions in the paper certainly apply to commercial application development as well.

As for funding, they have a sponsorship request on the site as well.

  • Comment on Re: Re: Guide to Building Secure Web Applications and Web Services

Replies are listed 'Best First'.
Re: Re: Re: Guide to Building Secure Web Applications and Web Services
by ryanus (Sexton) on Jun 27, 2002 at 14:44 UTC
    I am somewhat interested in helping them out with adding Perl to their supported languages. I am pretty busy though, is anyone else interested in a joint or group effort? I figure we could take a lot of information from here and from perldoc persec and the like. If anyone is interested, contact me at the email address listed in my perlmonks sratch pad. To see what languages they are going to do writeups on, see the Future Content section at this page

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://177675]
help
Chatterbox?
[Corion]: On the upside, I spend a lot of time thinking this weekend about how to actually implement rate limiting for futures, and if things work out, maybe even loading a configuration from an external file makes sense
[Corion]: I've also found some interesting invariants that I have to think/write about more. A simple rate limiter will never change the order of the input, while a limiter that allows for parallel execution will change the order. But my API currently allows for bo
[Corion]: ... for both, and I'm not sure if I want to add the cruft from the parallel API (a token that you need to hold on to while you hold the lock) to the rate limiting API too, to allow seamless up/downgrades, or not.
[Corion]: Also, rate limiting will look great with await: my $token = await $limiter-> limit($hostname); instead of my $f = $limiter->limit( $hostname )->then(sub { my( $token)=@_; ... });

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (9)
As of 2017-10-23 08:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My fridge is mostly full of:

















    Results (277 votes). Check out past polls.

    Notices?