WebApp Sec
mailing list archives
Re: Secure Coding for Newbies?
From: Michael R.Bagnall <mike () powertools net>
Date: Mon, 28 Oct 2002 09:47:45 -0600
I really don't think that this list is the place to debate what is a
"good" or a "bad" language for web applications. I've been writing web
applications in perl for years and have been able to do many things
that people writing in other languages either could not, or have not
done. The point of the post was to get information on the best and most
secure ways to write code in PHP.... editorializing really isn't the
point here.
For whatever it's worth...
On Monday, Oct 28, 2002, at 09:31 US/Central, Kevin Spett wrote:
Well, to start with, I think Perl is a bad language for web applications, and I think PHP is truly terrible. There are serious design flaws in PHP (such as giving the client access to all variables) and coding in it securely is annoying enough to make it not worthwhile. In addition, it looks bad. You've got HTML, JavaScript, application code and database code all in a single document, which is no fun at all. Using JSP/XSLT, servlets and Java beans is a much nicer solution from many angles.
But hey, if you want an easy-to-read guide to secure PHP programming, check this out: http://www.zend.com/zend/art/art-oertli.php
Kevin Spett
SPI Labs
http://www.spidynamics.com/
----- Original Message -----
From: "Joe User" <joeuser () blazemail com>
To: <webappsec () securityfocus com>
Sent: Monday, October 28, 2002 6:03 AM
Subject: Secure Coding for Newbies?
Hi,
I'm a beginner in PHP and Perl coding and would like a little help! I've written a few small scripts for personal use, but I want to start writing scripts that will be used by / open to the public, and want to write them with security in the forefront.
I'm having a hard time finding specific, concrete examples of common webapp security problems and examples of how to avoid them. Many sites say "validate user input" or "avoid path traversal" or "beware of include files" but don't give good examples of *how* I'm supposed to do these things!
I guess I'm looking for something along the lines of "Webapp Security for Dummies" as a building block. Can anybody point to useful resources for this? The OWASP guide seems to be more of a guide for competent coders who already know how to avoid the problems listed. :)
Thanks!
Thanks;
Michael R. Bagnall
Powertools Productions, LLC.
mbagnall () powertools net / http://www.powertools.net
(615) 453-1141 / (800) 444-1563
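The three things the original question asks for (validating input, avoiding path traversal, and being careful with include files) in one PHP fragment, as an added example that is not from this thread or the linked Zend article. It assumes a `templates` directory beside the script and PHP 7+ syntax, and reads the page name explicitly from `$_GET` rather than trusting an automatically created variable, which addresses the "client access to all variables" concern raised above.

```php
<?php
declare(strict_types=1);

// Constructed template directory for the example; the page name is read
// explicitly from $_GET rather than relying on an auto-created variable.
const TEMPLATE_DIR = __DIR__ . '/templates';

// Vulnerable pattern: the request value flows straight into include, so a
// value containing "../" (or a URL, if allow_url_include is on) leaves the
// template directory entirely.
function loadPageUnsafe(string $page): void
{
    include TEMPLATE_DIR . '/' . $page . '.php';
}

// Hardened version: allow-list the input, resolve the path, and confirm the
// result is still inside the template directory before including anything.
function resolveTemplate(string $templateDir, ?string $page): ?string
{
    // 1. Validate against an allow-list of characters; reject everything else
    //    (no slashes, dots or NUL bytes can get through this pattern).
    if ($page === null || !preg_match('/^[a-z0-9_-]{1,32}$/', $page)) {
        return null;
    }
    // 2. realpath() collapses "." and ".." and symlinks, and returns false
    //    when the file does not exist.
    $base = realpath($templateDir);
    $candidate = realpath($templateDir . '/' . $page . '.php');
    if ($base === false || $candidate === false) {
        return null;
    }
    // 3. Containment check: the resolved file must sit under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Usage: an unknown or malformed page name is a 404, never an include.
$template = resolveTemplate(TEMPLATE_DIR, $_GET['page'] ?? null);
if ($template === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $template;
```

The same allow-list-then-resolve-then-contain sequence applies to any user-supplied file name, not only template includes.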