Perl

This page has been tagged and needs review. Please help OWASP and document the reason for this, see FixME.

This page should collect together any resources relating to Perl and OWASP or security in general.

It is perhaps odd that this page is so new:

Perl has long been an open source language and often associated with the internet.
It offers what seems to be a much under-used method of combating many sorts of exploit namely taint mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

1 Possible perl OWASP projects
2 Perl resources
3 Perl modules

Possible perl OWASP projects

Perl ports of multi-language OWASP projects, for example AntiSamy.
Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.
A perl module to measure the strength of passwords.

Perl resources

OWASP ESAPI Perl Project has been started.
Perl security man page
Perl Monks
Security Issues in Perl Scripts by Jordan Dimov

Perl modules

An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.

Web frameworks

Authentication modules will often be framework specific so let's list those.

Perl web frameworks and their security mechanisms
Framework	Authentication	Authorization	Comments
Catalyst	Catalyst::Plugin::Authentication	The same module also covers authorization via the concept of realms.	Catalyst seems to have issues with taint mode.
CGI::Application	CGI::Application::Plugin::Authentication	CGI::Application::Plugin::Authorization	Not a very coherent framework, multiple authors
Jifty	Jifty::Plugin::Authentication	n/a	?
Mojolicious	Mojolicious::Plugin::Authentication - A plugin to make authentication a bit easier	Mojolicious::Plugin::Authorization - A plugin to make authorization a bit easier Mojolicious::Plugin::BasicAuth - Basic authorization helper Mojolicious::Plugin::Bcrypt - Bcrypt helper Mojolicious::Plugin::DigestAuth - HTTP digest authentication Mojolicious::Plugin::ParamsAuth - Parameter authorization helper Mojolicious::Plugin::SslAuth - SSL Client Certificate authorization helper Mojolicious::Plugin::SPNEGO - Provides SSO by forwarding NTLM requests to an Active Directory Server
Dancer

Authentication

A lot of generic authentication modules can be found on CPAN.

Also HTTPD::User::Manage.

Authorization

I am not aware of anything generic.

HTML validation/cleanup

Anything similar to AntiSamy should go here.

HTML::Scrubber

HTML::Tidy5

There is a discussion on this subject going on at PerlMonks:Dynamic HTML cleanup.

Password strength

Data::Password::Entropy

Data::Password::zxcvbn a port of Dropbox’s JavaScript implementation. Discussed in detail in How strong is your password?

CAPTCHA alternatives

These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.

Authen::Quiz

Dancer::Plugin::reCAPTCHA
Mojolicious::Plugin::Recaptcha

Perl

Possible perl OWASP projects

Perl resources

Perl modules

Web frameworks

Authentication

Authorization

HTML validation/cleanup

Password strength

CAPTCHA alternatives

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools