OWASP - User contributions [en]

Perl

2019-04-16T10:06:51Z

Marto: /* Password strength */

{{taggedDocument}}
This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#[[OWASP ESAPI Perl Project]] has been started.
#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==
An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization]
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| [http://search.cpan.org/~alexmv/Jifty-0.91117/lib/Jifty/Plugin/Authentication/Password.pm Jifty::Plugin::Authentication]
| n/a
| ?
|- style="vertical-align: top;"
| [http://mojolicious.org/ Mojolicious]
|[https://metacpan.org/pod/Mojolicious::Plugin::Authentication Mojolicious::Plugin::Authentication] - A plugin to make authentication a bit easier
|
* [https://metacpan.org/pod/Mojolicious::Plugin::Authorization Mojolicious::Plugin::Authorization] - A plugin to make authorization a bit easier

* [https://metacpan.org/pod/Mojolicious::Plugin::BasicAuth Mojolicious::Plugin::BasicAuth] - Basic authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::Bcrypt Mojolicious::Plugin::Bcrypt] - Bcrypt helper

* [https://metacpan.org/pod/Mojolicious::Plugin::DigestAuth Mojolicious::Plugin::DigestAuth] - HTTP digest authentication
* [https://metacpan.org/pod/Mojolicious::Plugin::ParamsAuth Mojolicious::Plugin::ParamsAuth] - Parameter authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::SslAuth Mojolicious::Plugin::SslAuth] - SSL Client Certificate authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::SPNEGO Mojolicious::Plugin::SPNEGO] - Provides SSO by forwarding NTLM requests to an Active Directory Server
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation/cleanup ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

[https://metacpan.org/pod/HTML::Tidy5 HTML::Tidy5]

There is a discussion on this subject going on at [http://perlmonks.org/?node_id=861639 PerlMonks:Dynamic HTML cleanup].

=== Password strength ===

[http://search.cpan.org/perldoc?Data::Password::Entropy Data::Password::Entropy]

[https://metacpan.org/pod/Data::Password::zxcvbn Data::Password::zxcvbn] a port of Dropbox’s JavaScript implementation. Discussed in detail in [https://www.perl.com/article/how-strong-is-your-password-/ How strong is your password?] 

=== CAPTCHA alternatives ===
These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.

[http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz]

[https://metacpan.org/pod/Dancer::Plugin::reCAPTCHA Dancer::Plugin::reCAPTCHA] [https://metacpan.org/pod/Mojolicious::Plugin::Recaptcha Mojolicious::Plugin::Recaptcha]

[[Category:Language]]

Perl

2019-04-16T09:42:44Z

Marto: /* Password strength */

{{taggedDocument}}
This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#[[OWASP ESAPI Perl Project]] has been started.
#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==
An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization]
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| [http://search.cpan.org/~alexmv/Jifty-0.91117/lib/Jifty/Plugin/Authentication/Password.pm Jifty::Plugin::Authentication]
| n/a
| ?
|- style="vertical-align: top;"
| [http://mojolicious.org/ Mojolicious]
|[https://metacpan.org/pod/Mojolicious::Plugin::Authentication Mojolicious::Plugin::Authentication] - A plugin to make authentication a bit easier
|
* [https://metacpan.org/pod/Mojolicious::Plugin::Authorization Mojolicious::Plugin::Authorization] - A plugin to make authorization a bit easier

* [https://metacpan.org/pod/Mojolicious::Plugin::BasicAuth Mojolicious::Plugin::BasicAuth] - Basic authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::Bcrypt Mojolicious::Plugin::Bcrypt] - Bcrypt helper

* [https://metacpan.org/pod/Mojolicious::Plugin::DigestAuth Mojolicious::Plugin::DigestAuth] - HTTP digest authentication
* [https://metacpan.org/pod/Mojolicious::Plugin::ParamsAuth Mojolicious::Plugin::ParamsAuth] - Parameter authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::SslAuth Mojolicious::Plugin::SslAuth] - SSL Client Certificate authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::SPNEGO Mojolicious::Plugin::SPNEGO] - Provides SSO by forwarding NTLM requests to an Active Directory Server
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation/cleanup ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

[https://metacpan.org/pod/HTML::Tidy5 HTML::Tidy5]

There is a discussion on this subject going on at [http://perlmonks.org/?node_id=861639 PerlMonks:Dynamic HTML cleanup].

=== Password strength ===

[http://search.cpan.org/perldoc?Data::Password::Entropy Data::Password::Entropy]

[https://metacpan.org/pod/Data::Password::zxcvbn Data::Password::zxcvbn] a port of Dropbox’s JavaScript implementation. 

=== CAPTCHA alternatives ===
These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.

[http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz]

[https://metacpan.org/pod/Dancer::Plugin::reCAPTCHA Dancer::Plugin::reCAPTCHA] [https://metacpan.org/pod/Mojolicious::Plugin::Recaptcha Mojolicious::Plugin::Recaptcha]

[[Category:Language]]

Perl

2019-04-15T15:37:06Z

Marto: /* CAPTCHA alternatives */ - Add modules

{{taggedDocument}}
This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#[[OWASP ESAPI Perl Project]] has been started.
#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==
An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization]
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| [http://search.cpan.org/~alexmv/Jifty-0.91117/lib/Jifty/Plugin/Authentication/Password.pm Jifty::Plugin::Authentication]
| n/a
| ?
|- style="vertical-align: top;"
| [http://mojolicious.org/ Mojolicious]
|[https://metacpan.org/pod/Mojolicious::Plugin::Authentication Mojolicious::Plugin::Authentication] - A plugin to make authentication a bit easier
|
* [https://metacpan.org/pod/Mojolicious::Plugin::Authorization Mojolicious::Plugin::Authorization] - A plugin to make authorization a bit easier

* [https://metacpan.org/pod/Mojolicious::Plugin::BasicAuth Mojolicious::Plugin::BasicAuth] - Basic authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::Bcrypt Mojolicious::Plugin::Bcrypt] - Bcrypt helper

* [https://metacpan.org/pod/Mojolicious::Plugin::DigestAuth Mojolicious::Plugin::DigestAuth] - HTTP digest authentication
* [https://metacpan.org/pod/Mojolicious::Plugin::ParamsAuth Mojolicious::Plugin::ParamsAuth] - Parameter authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::SslAuth Mojolicious::Plugin::SslAuth] - SSL Client Certificate authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::SPNEGO Mojolicious::Plugin::SPNEGO] - Provides SSO by forwarding NTLM requests to an Active Directory Server
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation/cleanup ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

[https://metacpan.org/pod/HTML::Tidy5 HTML::Tidy5]

There is a discussion on this subject going on at [http://perlmonks.org/?node_id=861639 PerlMonks:Dynamic HTML cleanup].

=== Password strength ===

[http://search.cpan.org/perldoc?Data::Password::Entropy Data::Password::Entropy] 

=== CAPTCHA alternatives ===
These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.

[http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz]

[https://metacpan.org/pod/Dancer::Plugin::reCAPTCHA Dancer::Plugin::reCAPTCHA] [https://metacpan.org/pod/Mojolicious::Plugin::Recaptcha Mojolicious::Plugin::Recaptcha]

[[Category:Language]]

Perl

2019-04-15T15:21:10Z

Marto: Initial edit of Mojolicious entry - add plugins

{{taggedDocument}}
This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#[[OWASP ESAPI Perl Project]] has been started.
#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==
An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization]
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| [http://search.cpan.org/~alexmv/Jifty-0.91117/lib/Jifty/Plugin/Authentication/Password.pm Jifty::Plugin::Authentication]
| n/a
| ?
|-style="vertical-align: top;"
| [http://mojolicious.org/ Mojolicious]
|[https://metacpan.org/pod/Mojolicious::Plugin::Authentication Mojolicious::Plugin::Authentication] - A plugin to make authentication a bit easier
|
* [https://metacpan.org/pod/Mojolicious::Plugin::Authorization Mojolicious::Plugin::Authorization] - A plugin to make authorization a bit easier
* [https://metacpan.org/pod/Mojolicious::Plugin::BasicAuth Mojolicious::Plugin::BasicAuth] - Basic authorization helper[https://metacpan.org/pod/Mojolicious::Plugin::Bcrypt Mojolicious::Plugin::Bcrypt] - Bcrypt helper
* [https://metacpan.org/pod/Mojolicious::Plugin::DigestAuth Mojolicious::Plugin::DigestAuth] - HTTP digest authentication
* [https://metacpan.org/pod/Mojolicious::Plugin::ParamsAuth Mojolicious::Plugin::ParamsAuth] - Parameter authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::SslAuth Mojolicious::Plugin::SslAuth] - SSL Client Certificate authorization helper
* [https://metacpan.org/pod/Mojolicious::Plugin::SPNEGO Mojolicious::Plugin::SPNEGO] - Provides SSO by forwarding NTLM requests to an Active Directory Server
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation/cleanup ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

There is a discussion on this subject going on at [http://perlmonks.org/?node_id=861639 PerlMonks:Dynamic HTML cleanup].

=== Password strength ===

[http://search.cpan.org/perldoc?Data::Password::Entropy Data::Password::Entropy] 

=== CAPTCHA alternatives ===
These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.

[http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz] 

[[Category:Language]]