WebApp Sec mailing list archives
Re: Secure Coding for Newbies?
From: Michael R. Bagnall <mike () powertools net>
Date: Mon, 28 Oct 2002 09:47:45 -0600
I really don't think that this list is the place to debate what is a "good" or a "bad" language for web applications. I've been writing web applications in perl for years and have been able to do many things that people writing in other languages either could not, or have not done. The point of the post was to get information on the best and most secure ways to write code in PHP.... editorializing really isn't the point here.
For whatever it's worth...

On Monday, Oct 28, 2002, at 09:31 US/Central, Kevin Spett wrote:

Well, to start with, I think Perl is a bad language for web applications, and I think PHP is truly terrible. There are serious design flaws in PHP (such as giving the client access to all variables) and that coding in it securely is annoying enough to make it not worthwhile. In addition, it looks bad. You've got HTML, JavaScript, application code and database code all in a single document, which is no fun at all. Using JSP/XSLT, servlets and Java beans is a much nicer solution from many angles.

But hey, if you want an easy-to-read guide to secure PHP programming, check this out: http://www.zend.com/zend/art/art-oertli.php

Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: "Joe User" <joeuser () blazemail com>
To: <webappsec () securityfocus com>
Sent: Monday, October 28, 2002 6:03 AM
Subject: Secure Coding for Newbies?

Hi,

I'm a beginner in PHP and Perl coding and would like a little help! I've written a few small scripts for personal use, but I want to start writing scripts that will be used by / open to the public, and want to write them with security in the forefront.

I'm having a hard time finding specific, concrete examples of common webapp security problems and examples of how to avoid them. Many sites say "validate user input" or "avoid path traversal" or "beware of include files" but don't give good examples of *how* I'm supposed to do these things!

I guess I'm looking for something along the lines of "Webapp Security for Dummies" as a building block. Can anybody point to useful resources for this? The OWASP guide seems to be more of a guide for competent coders who already know how to avoid the problems listed. :)

Thanks!
Thanks;
Michael R. Bagnall
Powertools Productions, LLC.
mbagnall () powertools net / http://www.powertools.net
(615) 453-1141 / (800) 444-1563