This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Perl"
Dinis.cruz (talk | contribs) |
Dinis.cruz (talk | contribs) |
||
Line 84: | Line 84: | ||
[http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz]<br> | [http://search.cpan.org/~lushe/Authen-Quiz-0.05/lib/Authen/Quiz.pm Authen::Quiz]<br> | ||
− | [[Category: | + | [[Category:Language]] |
Revision as of 09:59, 30 August 2010
This page should collect together any resources relating to Perl and OWASP or security in general.
It is perhaps odd that this page is so new:
- Perl has long been an open source language and often associated with the internet.
- It offers what seems to be a much under-used method of combating many sorts of exploit namely taint mode. This forces every "input" to the program to be checked for malign influences before it is allowed to effect the "outside" of the program.
Possible perl OWASP projects
- Perl ports of multi-language OWASP projects, for example AntiSamy.
- Review of CPAN modules according to OWASP standards, for example CGI::Application::Plugin::Authentication.
- A perl module to measure the strength of passwords.
Perl resources
Perl modules
An attempt to list and classify perl modules related to web security. This should lead on to discussion of vulnerabilities.
Web frameworks
Authentication modules will often be framework specific so let's list those.
Framework | Authentication | Authorization | Comments |
---|---|---|---|
Catalyst | Catalyst::Plugin::Authentication |
The same module also covers authorization via the concept of realms. |
Catalyst seems to have issues with taint mode. |
CGI::Application | CGI::Application::Plugin::Authentication | CGI::Application::Plugin::Authorization | Not a very coherent framework, multiple authors |
Jifty | Jifty::Plugin::Authentication | n/a | ? |
Mojolicious | |
|
|
Dancer | |
|
|
Authentication
A lot of generic authentication modules can be found on CPAN.
Also HTTPD::User::Manage.
Authorization
I am not aware of anything generic.
HTML validation
Anything similar to AntiSamy should go here.
Password strength
CAPTCHA alternatives
These are attempts to distinguish human and robot users. CAPTCHA is not perfect at this and is highly inaccessible.