Yes. You point out some bad, terrible practices that happen in the
wild at either hopelessly amateur shops or shops that grew too fast from
the naïve age of CGI and have escaped being hacked by virtue of being
too small or too pointless to be worth the trouble, or by not knowing they have been hacked.
The list of responses and practical fixes to the issues would
fill an entire website, which you already cited: OWASP. There is
NO package or module or framework or single set of best practices that
solves for all this and even if there were it would change constantly.
You just have to know what you're doing and you have to keep up.
Every dev worth her salt knew the context sensitivity in CGI->param and so used it without introducing exploits.
Mojolicious cookies are slightly more secure out of the
box than other current frameworks. Crypt::Eksblowfish::Bcrypt
passwords are better by far than Digest::SHA but new chips
and algorithms have already made it weaker than it was. It's a
laundry list full of—Yeah, so what? You need to know that—and
like a doctor who doesn't read medical journals, a
dev who doesn't keep up with the art isn't safe or reliable.
Imagine posting on a biology forum: Mobility in organisms? Let's hear your ideas. It's a sawed-off shotgun fired into the air. Picking one security issue or an actual, open problem you're facing with some GODDAMNED WORKING CODE would be more likely to fruit.
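As an added example of two of the points made in the reply above (it is not code from the original post, the poster, or PerlMonks), the following script shows the CGI->param list-context trap beside its scalar-context fix, and password storage with Crypt::Eksblowfish::Bcrypt beside a bare Digest::SHA digest. It assumes CGI.pm and Crypt::Eksblowfish::Bcrypt are installed and that /dev/urandom is available; the request string and the passwords are constructed for the demonstration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use CGI;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use Digest::SHA qw(sha256_hex);

# --- 1. CGI->param context sensitivity --------------------------------
# Constructed request: one legitimate 'name' followed by two extra 'name'
# values chosen so that, in list context, they splice a role => admin pair
# into the hash being built.
my $q = CGI->new('role=user&name=alice&name=role&name=admin');

sub build_user_unsafe {
    my ($cgi) = @_;
    # param() in list context returns ALL values for 'name'. The list becomes
    # (role => 'user', name => 'alice', role => 'admin'), and the later key wins.
    my %user = (role => 'user', name => $cgi->param('name'));
    return \%user;
}

sub build_user_safe {
    my ($cgi) = @_;
    # Force scalar context: exactly one value, so no hash-key injection.
    my %user = (role => 'user', name => scalar $cgi->param('name'));
    return \%user;
}

printf "unsafe: name=%s role=%s\n", @{ build_user_unsafe($q) }{qw(name role)};
printf "safe:   name=%s role=%s\n", @{ build_user_safe($q) }{qw(name role)};

# --- 2. Password storage: bare SHA-256 vs bcrypt ----------------------
sub weak_hash {
    my ($plain) = @_;
    return sha256_hex($plain);   # fast and unsalted: cheap to brute-force offline
}

sub hash_password {
    my ($plain, $cost) = @_;
    $cost //= 12;                # work factor; raise it as hardware gets faster
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $got = read $fh, my $salt, 16;
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    # Settings string: algorithm tag, two-digit cost, 22 chars of bcrypt base64 salt.
    my $settings = sprintf '$2a$%02d$%s', $cost, en_base64($salt);
    return bcrypt($plain, $settings);   # 60-char string: settings, salt and digest
}

sub check_password {
    my ($plain, $stored) = @_;
    # The stored hash carries its own cost and salt, so it serves as the settings.
    return bcrypt($plain, $stored) eq $stored;
}

my $pw     = 'correct horse battery staple';   # constructed sample password
my $stored = hash_password($pw);
print "sha256: ", weak_hash($pw), "\n";
print "bcrypt: $stored\n";
print "login ok\n"   if     check_password($pw,     $stored);
print "login fail\n" unless check_password('wrong', $stored);
```

Two caveats a practitioner would want: recent CGI.pm releases emit a warning when param() is called in list context, which is the same trap this script exploits, so treat that warning as a bug report rather than noise; and the `eq` in check_password is not a constant-time comparison, which is acceptable for bcrypt output in most deployments but worth swapping for a constant-time compare if the hash store is ever reachable by a timing attacker.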