WebApp Sec mailing list archives
Re: Secure Coding for Newbies?
From: "Kevin Spett" <kspett () spidynamics com>
Date: Mon, 28 Oct 2002 10:31:58 -0500
Well, to start with, I think Perl is a bad language for web applications, and I think PHP is truly terrible. There are serious design flaws in PHP (such as giving the client access to all variables) and that coding in it securely is annoying enough to make it not worthwhile. In addition, it looks bad. You've got HTML, JavaScript, application code and database code all in a single document, which is no fun at all. Using JSP/XSLT, servlets and Java beans is a much nicer solution from many angles. But hey, if you want an easy-to-read guide to secure PHP programming, check this out: http://www.zend.com/zend/art/art-oertli.php Kevin Spett SPI Labs http://www.spidynamics.com/ ----- Original Message ----- From: "Joe User" <joeuser () blazemail com> To: <webappsec () securityfocus com> Sent: Monday, October 28, 2002 6:03 AM Subject: Secure Coding for Newbies?
Hi, I'm a beginner in PHP and Perl coding and would like a little help! I've
written a few small scripts for personal use, but I want to start writing scripts that will be used by / open to the public, and want to write them with security in the forefront.
I'm having a hard time finding specific, concrete examples of common
webapp security problems and examples of how to avoid them. Many sites say "validate user input" or "avoid path traversal" or "beware of include files" but don't give good examples of *how* I'm supposed to do these things!
I guess I'm looking for something along the lines of "Webapp Security for
Dummies" as a building block. Can anybody point to useful resources for this? The OWASP guide seems to be more of a guide for competent coders who already know how to avoid the problems listed. :)
Thanks! _____________________________________________________________ Fight the power! BlazeMail.com _____________________________________________________________ Select your own custom email address for FREE! Get you () yourchoice com w/No
Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag
Current thread:
- Secure Coding for Newbies? Joe User (Oct 28)
- Re: Secure Coding for Newbies? Kevin Spett (Oct 28)
- Re: Secure Coding for Newbies? Jeff Williams @ Aspect (Oct 28)
- Re: Secure Coding for Newbies? Michael R . Bagnall (Oct 28)
- Re: Secure Coding for Newbies? Alex Russell (Oct 28)
- Re: Secure Coding for Newbies? security (Oct 28)
- Re: Secure Coding for Newbies? Dave Aitel (Oct 28)
- Re: Secure Coding for Newbies? Dan Cuthbert (Oct 28)
- Re: Secure Coding for Newbies? zeno (Oct 28)
- Re: Secure Coding for Newbies? Kevin Spett (Oct 28)