OWASP - User contributions [en]

Perl

2010-09-24T10:57:42Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==
An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization]
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| [http://search.cpan.org/~alexmv/Jifty-0.91117/lib/Jifty/Plugin/Authentication/Password.pm Jifty::Plugin::Authentication]
| n/a
| ?
|-
| [http://mojolicious.org/ Mojolicious]
| 
| 
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation/cleanup ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

There is a discussion on this subject going on at [http://perlmonks.org/?node_id=861639 PerlMonks:Dynamic HTML cleanup].

=== Password strength ===

[http://search.cpan.org/perldoc?Data::Password::Entropy Data::Password::Entropy] 

=== CAPTCHA alternatives ===
These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.

[http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz] 

[[Category:Language]]

Perl

2010-07-26T18:43:51Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==
An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization]
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| [http://search.cpan.org/~alexmv/Jifty-0.91117/lib/Jifty/Plugin/Authentication/Password.pm Jifty::Plugin::Authentication]
| n/a
| ?
|-
| [http://mojolicious.org/ Mojolicious]
| 
| 
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

=== Password strength ===

[http://search.cpan.org/perldoc?Data::Password::Entropy Data::Password::Entropy] 

=== CAPTCHA alternatives ===
These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.

[http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz]

Perl

2010-07-26T18:42:38Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==
An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization]
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| [http://search.cpan.org/~alexmv/Jifty-0.91117/lib/Jifty/Plugin/Authentication/Password.pm Jifty::Plugin::Authentication]
| 
| 
|-
| [http://mojolicious.org/ Mojolicious]
| 
| 
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

=== Password strength ===

[http://search.cpan.org/perldoc?Data::Password::Entropy Data::Password::Entropy] 

=== CAPTCHA alternatives ===
These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.

[http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz]

Perl

2010-07-26T18:40:01Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==
An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization]
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| 
| 
| 
|-
| [http://mojolicious.org/ Mojolicious]
| 
| 
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

=== Password strength ===

[http://search.cpan.org/perldoc?Data::Password::Entropy Data::Password::Entropy] 

=== CAPTCHA alternatives ===
These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.

[http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz]

Perl

2010-07-02T08:19:15Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==
An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication ]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization] 
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| 
| 
| 
|-
| [http://mojolicious.org/ Mojolicious]
| 
| 
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

=== Password strength ===

[http://search.cpan.org/perldoc?Data::Password::Entropy Data::Password::Entropy] 

=== CAPTCHA alternatives ===
These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.

[http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz]

Perl

2010-07-01T18:37:19Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication ]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization] 
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| 
| 
| 
|-
| [http://mojolicious.org/ Mojolicious]
| 
| 
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

=== Password strength ===

[http://search.cpan.org/perldoc?Data::Password::Entropy Data::Password::Entropy]

Perl

2010-07-01T18:34:59Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication ]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization] 
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| 
| 
| 
|-
| [http://mojolicious.org/ Mojolicious]
| 
| 
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

I am not aware of anything generic.

=== HTML validation ===

Anything similar to [[AntiSamy]] should go here.

[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]

=== Password strength ===

Perl

2010-07-01T18:32:27Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication ]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization] 
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| 
| 
| 
|-
| [http://mojolicious.org/ Mojolicious]
| 
| 
| 
|-
| [http://perldancer.org/ Dancer]
| 
| 
| 
|}

=== Authentication ===

A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].

Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage]. 

=== Authorization ===

=== HTML validation ===

=== Password strength ===

Perl

2010-07-01T18:27:20Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:

#Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
#It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

== Possible perl OWASP projects ==

#Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
#Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
#A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

== Perl resources ==

#Perl [http://perldoc.perl.org/perlsec.html security] man page
#[http://perlmonks.org Perl Monks]
#[http://www.cgisecurity.com/lib/sips.html Security Issues in Perl Scripts by Jordan Dimov]

== Perl modules ==

=== Web frameworks ===

Authentication modules will often be framework specific so let's list those.

{| border="1" cellspacing="1" cellpadding="1" style="width: 742px; height: 220px;"
|+ Perl web frameworks and their security mechanisms
|-
! scope="col" | Framework
! scope="col" | Authentication
! scope="col" | Authorization
! scope="col" | Comments
|-
| [http://www.catalystframework.org/ Catalyst]
| [http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication Catalyst::Plugin::Authentication] 
| The same module also covers authorization via the concept of realms. 
| Catalyst seems to have issues with taint mode.
|-
| [http://cgi-app.org/ CGI::Application]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authentication CGI::Application::Plugin::Authentication ]
| [http://search.cpan.org/perldoc?CGI::Application::Plugin::Authorization CGI::Application::Plugin::Authorization] 
| Not a very coherent framework, multiple authors
|-
| [http://jifty.org/view/HomePage Jifty]
| 
| 
|
|-
| [http://mojolicious.org/ Mojolicious]
| 
| 
|
|-
| [http://perldancer.org/ Dancer]
| 
| 
|
|}

=== Authentication ===

=== Authorization ===

=== HTML validation ===

=== Password strength ===

Perl

2010-07-01T18:24:51Z

Nicholas Bamber:

Perl

2010-07-01T18:21:49Z

Nicholas Bamber:

Perl

2010-07-01T18:19:32Z

Nicholas Bamber:

Perl

2010-07-01T18:18:00Z

Nicholas Bamber:

Perl

2010-07-01T18:11:54Z

Nicholas Bamber:

Perl

2010-07-01T17:59:41Z

Nicholas Bamber:

Perl

2010-07-01T17:56:17Z

Nicholas Bamber:

User:Nicholas Bamber

2010-03-30T22:36:41Z

Nicholas Bamber:

I have joined OWASP because it seems like a good place to get a solid understanding of internet security issues.
It was both a disappointment and an opportunity to find very little about [[perl]] here.

My company: [http://www.periapt.co.uk Periapt Technologies]

My LinkedIn profile: [http://uk.linkedin.com/pub/nicholas-peter-bamber/13/998/aa2 Nicholas Bamber]

User:Nicholas Bamber

2010-03-30T22:36:15Z

Nicholas Bamber:

I have joined OWASP because it seems like a good place to get a solid understanding of internet security issues.
It was both a disappointment and an opportunity to find very little about [[perl]] here.

My company: [http://www.periapt.co.uk Periapt Technologies]
My LinkedIn profile: [http://uk.linkedin.com/pub/nicholas-peter-bamber/13/998/aa2]

Perl

2010-03-30T19:28:55Z

Nicholas Bamber: /* Perl resources */

Perl

2010-03-27T16:44:08Z

Nicholas Bamber: /* What you can do */

Perl

2010-03-27T16:30:59Z

Nicholas Bamber:

Perl

2010-03-27T16:16:08Z

Nicholas Bamber: /* Possible perl OWASP projects */

Perl

2010-03-27T16:15:28Z

Nicholas Bamber: /* Perl */

Perl

2010-03-27T16:14:58Z

Nicholas Bamber:

==Perl==
This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:
# Perl has long been an [http://cpansearch.perl.org/src/DAPM/perl-5.10.1/Artistic open source language] and often associated with the internet.
# It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

===Possible perl OWASP projects===
# Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
# Review of CPAN modules according to OWASP standards, for example [http://search.cpan.org/~silasmonk/CGI-Application-Plugin-Authentication-0.17/lib/CGI/Application/Plugin/Authentication.pm CGI::Application::Plugin::Authentication].
# A perl module to measure the [http://en.wikipedia.org/wiki/Password_strength strength of passwords].

Perl

2010-03-27T16:04:54Z

Nicholas Bamber:

Perl

2010-03-27T15:59:28Z

Nicholas Bamber:

Perl

2010-03-27T15:57:53Z

Nicholas Bamber:

Perl

2010-03-27T15:55:31Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:
# Perl has long been an open language and often associated with the internet.
# It offers what seems to be a much under-used method of combating many sorts of exploit namely [http://search.cpan.org/~dapm/perl-5.10.1/pod/perlsec.pod#Taint_mode taint] mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

Possible perl OWASP projects might include:
# Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
# Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.
# A perl module to measure the strength of passwords.

Perl

2010-03-27T15:51:59Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:
# Perl has long been an open language and often associated with the internet.
# It offers what seems to be a much under-used method of combating many sorts of exploit namely "taint" mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

Possible perl OWASP projects might include:
# Perl ports of multi-language OWASP projects, for example [[AntiSamy]].
# Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.
# A perl module to measure the strength of passwords.

Perl

2010-03-27T15:51:23Z

Nicholas Bamber:

This page should collect together any resources relating to [http://www.perl.org/ Perl] and OWASP or security in general.

It is perhaps odd that this page is so new:
# Perl has long been an open language and often associated with the internet.
# It offers what seems to be a much under-used method of combating many sorts of exploit namely "taint" mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

Possible perl OWASP projects might include:
# Perl ports of multi-language OWASP projects, for example AntiSamy.
# Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.
# A perl module to measure the strength of passwords.

Perl

2010-03-27T15:38:42Z

Nicholas Bamber:

This page should collect together any resources relating to Perl and OWASP or security in general.

It is perhaps odd that this page is so new:
# Perl has long been an open language and often associated with the internet.
# It offers what seems to be a much under-used method of combating many sorts of exploit namely "taint" mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

Possible perl OWASP projects might include:
# Perl ports of multi-language OWASP projects, for example AntiSamy.
# Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.
# A perl module to measure the strength of passwords.

Perl

2010-03-27T15:38:19Z

Nicholas Bamber:

This page should collect together any resources relating to Perl and OWASP or security in general.

It is perhaps odd that this page is so new:
# Perl has long been an open language and often associated with the internet.</li>
# It offers what seems to be a much under-used method of combating many sorts of exploit namely "taint" mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.</li>

Possible perl OWASP projects might include:
# Perl ports of multi-language OWASP projects, for example AntiSamy.
# Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.
# A perl module to measure the strength of passwords.

User:Nicholas Bamber

2010-03-26T00:22:30Z

Nicholas Bamber:

Perl

2010-03-26T00:20:30Z

Nicholas Bamber:

This page should collect together any resources relating to Perl and OWASP or security in general.

It is perhaps odd that this page is so new:
<ol>
<li>Perl has long been an open language and often associated with the internet.</li>
<li>It offers what seems to be a much under-used method of combating many sorts of exploit namely "taint" mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.</li>
</ol>

Possible perl OWASP projects might include:
# Perl ports of multi-language OWASP projects, for example AntiSamy.
# Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.
# A perl module to measure the strength of passwords.

Perl

2010-03-26T00:14:45Z

Nicholas Bamber:

This page should collect together any resources relating to Perl and OWASP or security in general.

It is perhaps odd that this page is so new:
<ol>
<li>Perl has long been an open language and often associated with the internet.</li>
<li>It offers what seems to be a much under-used method of combating many sorts of exploit namely "taint" mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.</li>
</ol>

Possible perl OWASP projects might include:
<ol>
<li>Perl ports of multi-language OWASP projects, for example AntiSamy.</li>
<li>Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.</li>
<li>A perl module to measure the strength of passwords.</li>
</ol>

Perl

2010-03-25T21:11:33Z

Nicholas Bamber:

Under construction

[[Category:OWASP Project]]

Perl

2010-03-25T21:01:39Z

Nicholas Bamber: Created page with 'Under construction'

Under construction

User:Nicholas Bamber

2010-03-25T20:54:33Z

Nicholas Bamber:

I have joined OWASP because it seems like a good place to get a solid understanding of internet security issues.
It was both a disappointment and an opportunity to find very little about perl here.