Difference between revisions of "Perl"

Revision as of 18:34, 1 July 2010

This page should collect together any resources relating to Perl and OWASP or security in general.

It is perhaps odd that this page is so new:

Perl has long been an open source language and often associated with the internet.
It offers what seems to be a much under-used method of combating many sorts of exploit namely taint mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.

Perl ports of multi-language OWASP projects, for example AntiSamy.
Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.
A perl module to measure the strength of passwords.

Authentication modules will often be framework specific so let's list those.

Perl web frameworks and their security mechanisms
Framework	Authentication	Authorization	Comments
Catalyst	Catalyst::Plugin::Authentication	The same module also covers authorization via the concept of realms.	Catalyst seems to have issues with taint mode.
CGI::Application	CGI::Application::Plugin::Authentication	CGI::Application::Plugin::Authorization	Not a very coherent framework, multiple authors
Jifty
Mojolicious
Dancer

A lot of generic authentication modules can be found on CPAN.

I am not aware of anything generic.

Anything similar to AntiSamy should go here.

@@ Line 62: / Line 62: @@
 A lot of generic authentication modules can be found on [http://search.cpan.org/search?query=Authen&mode=all CPAN].
 Also [http://cpansearch.perl.org/src/LDS/HTTPD-User-Manage-1.66/user_manage.html HTTPD::User::Manage].<br>
 === Authorization  ===
+I am not aware of anything generic.
 === HTML validation  ===
+Anything similar to [[AntiSamy]] should go here.
+[http://search.cpan.org/perldoc?HTML::Scrubber HTML::Scrubber]
 === Password strength ===