WebApp Sec: Re: Secure Coding for Newbies?

[security () pablowe net]

RATS, a freely available code auditing tool, is available for download at
http://www.securesoftware.com/download_form_rats.htm .  This audits PHP,
Perl, Python, etc... for common security vulnerabilities.

I would suggest "Building Secure Software", by Viega and McGraw. 
Published by Addison Wesley, this book provides a faily broad overview
with good examples.

> > Hi,
> >
> > I'm a beginner in PHP and Perl coding and would like a little help!
> > I've
> written a few small scripts for personal use, but I want to start
> writing scripts that will be used by / open to the public, and want to
> write them with security in the forefront.
> > I'm having a hard time finding specific, concrete examples of common
> webapp security problems and examples of how to avoid them.  Many sites
> say "validate user input" or "avoid path traversal" or "beware of
> include files" but don't give good examples of *how* I'm supposed to do
> these things!
> > I guess I'm looking for something along the lines of "Webapp Security
> > for
> Dummies" as a building block.  Can anybody point to useful resources for
> this?  The OWASP guide seems to be more of a guide for competent coders
> who already know how to avoid the problems listed.  :)
> > Thanks!
> >
> > _____________________________________________________________
> > Fight the power!  BlazeMail.com
> >
> > _____________________________________________________________
> > Select your own custom email address for FREE! Get you () yourchoice com
> > w/No
> Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag