PerlMonks  

Yes. You point out some bad, terrible practices that happen in the wild at either hopelessly amateur shops or shops that grew too fast from the naïve age of CGI and have escaped being hacked by virtue of being too small or too pointless to be worth the trouble; or not knowing they have been hacked.

The list of responses and practical fixes to the issues would fill an entire website, which you already cited: OWASP. There is NO package or module or framework or single set of best practices that solves for all this and even if there were it would change constantly. You just have to know what you're doing and you have to keep up.

Every dev worth her salt knew the context sensitivity in CGI->param so used it without introducing exploits. Mojolicious cookies are slightly more secure out of the box than other current frameworks. Crypt::Eksblowfish::Bcrypt passwords are better by far than Digest::SHA but new chips and algorithms have already made it weaker than it was. It's a laundry list full of—Yeah, so what? You need to know that—and like a doctor who doesn't read medical journals, a dev who doesn't keep up with the art isn't safe or reliable.

Imagine posting on a biology forum: Mobility in organisms? Let's hear your ideas. It's a sawed-off shotgun fired into the air. Picking one security issue or an actual, open problem you're facing with some GODDAMNED WORKING CODE would be more likely to fruit.


In reply to Re^2: Crash-Test Dummies: A Few Thoughts on Website Testing by Your Mother
in thread Crash-Test Dummies: A Few Thoughts on Website Testing by sundialsvc4
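The "context sensitivity in CGI->param" mentioned above, shown as an added example (not code from this thread or from CGI.pm's own docs). It assumes CGI.pm is installed (version 4.08 or later for multi_param); the query string, hash layout and the role field are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use CGI;

# Constructed attacker request: "name" is sent three times. In list context
# param('name') expands to ('bob', 'role', 'admin'), so the extra values are
# spliced into whatever list the caller is building.
my $q = CGI->new('name=bob&name=role&name=admin');

# Vulnerable: param() is called in list context inside a hash initialiser.
# The expanded values land after the fixed "role => 'user'" pair and the
# attacker-controlled "role => 'admin'" wins when the hash is built.
sub build_user_vulnerable {
    my ($q) = @_;
    my %user = (role => 'user', name => $q->param('name'));
    return \%user;
}

# Fixed: force scalar context so exactly one value is taken, no matter how
# many times the parameter was supplied. CGI.pm 4.08+ also warns whenever
# param() is called in list context, which is the signal to audit a call site.
sub build_user_fixed {
    my ($q) = @_;
    my %user = (role => 'user', name => scalar $q->param('name'));
    return \%user;
}

# When a multi-valued parameter is actually wanted, say so explicitly with
# multi_param() rather than relying on list context.
sub tags_fixed {
    my ($q) = @_;
    return [ $q->multi_param('tags') ];    # assumed field name "tags"
}

for my $case ([ vulnerable => build_user_vulnerable($q) ],
              [ fixed      => build_user_fixed($q) ]) {
    my ($label, $user) = @$case;
    printf "%-10s name=%s role=%s\n", $label, $user->{name}, $user->{role};
}
# The vulnerable builder reports role=admin; the fixed builder reports role=user.
```

The same pattern appears anywhere a list is built from user input: function argument lists, `push` onto an array of fixed pairs, or a SQL placeholder list. Grep for `param(` calls that are not wrapped in `scalar` or `multi_param` and check each one.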
