A concise overview of code and configuration-level security issues that commonly arise in Java Server Pages scripts, as well as advice for the mitigation of associated risks.
More articles by Jordan Dimov
We conclude our look at securing PHP code with some advice on programming guidelines, user-input filtering, and configuration settings. Upon finishing this lesson, you should be alert to the major liabilities of working with PHP.
Although the language is designed with security in mind, familiarity with its more dangerous aspects and conformance to common secure programming guidelines are essential to minimizing the possibility of security compromises. The aim of this document is to provide an overview of various security issues with PHP and to offer advice on secure PHP programming practices.
How can we make software that withstands malicious input attacks? We can start by minimizing the set of entities our software trusts and by conscientiously validating all input -- then "hope for the best."
In this second of two parts, Jordan Dimov and John Viega discuss a method for preventing you from making the security mistakes discussed in their first article.
Perl is one of the most widely used languages for writing interactive applications on the Web, and Perl programs are widely used for various system administration tasks. Applications that serve these tasks must provide reliable access to security-sensitive functions and information, and at the same time ensure that no one is granted access to data or functionality that was not intended for them. In this two-part article, Jordan Dimov and John Viega evaluate some of the common security weaknesses and vulnerabilities of Perl applications and give an overview of the features that the Perl language provides to aid the programmer in hardening the security of their applications.