Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

Re: Essential CGI Security Practices

by dws (Chancellor)
on Feb 02, 2002 at 21:11 UTC ( #142959=note: print w/replies, xml ) Need Help??

in reply to Essential CGI Security Practices

Good list, to which I would add:

Peer Review - Apply several pairs of competent eyeballs to the code. A skilled colleague, reading the code with a "how would I break this" hat on is a great way to uncover subtle problems.

Data Security - Keep sensitive, missions critical data off of the web server box, especially if you're dealing with credit cards. Encryption isn't always enough.

Replies are listed 'Best First'.
Re: Re: Essential CGI Security Practices
by Ryszard (Priest) on Feb 02, 2002 at 22:55 UTC
    I'd like to add Subsection 1 to Peer Review. This section would be called QA.

    QA - Put your code into a replication of your production environment and get a dedicated QA person to go thru' your application as if it was live on the web. A skilled QA person is a seriously good weapon to have in your arsonal.

    While youre there you may as well set up a dedicated UAT to test your application as well. Keep in mind you shouldnt tell your QA 'guy' about how or what your app does as this may influence the nature of their testing.

      As much as I hate working with QA; partially because where I worked they often served as HCI/UI/HF, (not so) clearly when something is in testing is not the best time to redesign it; I'll have to ++.

      perl -pe "s/\b;([st])/'\1/mg"

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://142959]
[jedikaiti]: "finished" 18?

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (7)
As of 2018-01-18 20:28 GMT
Find Nodes?
    Voting Booth?
    How did you see in the new year?

    Results (214 votes). Check out past polls.