SlideShare une entreprise Scribd logo

Secure Scripting

Aung Khant
Aung Khant
Technologie
1  sur  5
Télécharger pour lire hors ligne
A BRIEF INTRODUCTION TO SECURE SCRIPTING Contents 1. Introduction 2. Input taint checking 3. String manipulation 4. File manipulation 5. Use of system calls 6. Variable declaration 1. Introduction These days there are a lot of people that release scripts and programs on to the Internet which people will then download and use without a second thought that they may contain the simplest of security holes which can allow malicious people to attack their servers. In this paper i intend to address some of the common mistakes that are made by the programmers releasing these programs, and how it should be written properly. The paper will mainly focus on Common Gateway Interface (CGI) scripts with examples written in perl (in my opinion the most common language used to write CGI scripts). The paper is, however, relevant to all languages, not just perl. The main way in which CGI scripts are exploited is by a user presenting it with values that
Secure Scripting
Secure Scripting
Secure Scripting
Secure Scripting

Recommandé

Practice of AppSec .NET
Practice of AppSec .NETPractice of AppSec .NET
Practice of AppSec .NETMikhail Shcherbakov
 
Browser Exploit Framework
Browser Exploit FrameworkBrowser Exploit Framework
Browser Exploit Frameworkn|u - The Open Security Community
 
Continuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityContinuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityVodqaBLR
 
Android pentesting
Android pentestingAndroid pentesting
Android pentestingMykhailo Antonishyn
 
Android pentesting
Android pentestingAndroid pentesting
Android pentestingMykhailo Antonishyn
 
Blackhat 2014 Conference and Defcon 22
Blackhat 2014 Conference and Defcon 22 Blackhat 2014 Conference and Defcon 22
Blackhat 2014 Conference and Defcon 22 dandb-technology
 
.NET Security Topics
.NET Security Topics.NET Security Topics
.NET Security TopicsShawn Gorrell
 
Web Security Overview and Demo
Web Security Overview and DemoWeb Security Overview and Demo
Web Security Overview and DemoTony Bibbs
 

Recommandé

Practice of AppSec .NET
Practice of AppSec .NETPractice of AppSec .NET
Practice of AppSec .NETMikhail Shcherbakov
 
Browser Exploit Framework
Browser Exploit FrameworkBrowser Exploit Framework
Browser Exploit Frameworkn|u - The Open Security Community
 
Continuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityContinuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityVodqaBLR
 
Android pentesting
Android pentestingAndroid pentesting
Android pentestingMykhailo Antonishyn
 
Android pentesting
Android pentestingAndroid pentesting
Android pentestingMykhailo Antonishyn
 
Blackhat 2014 Conference and Defcon 22
Blackhat 2014 Conference and Defcon 22 Blackhat 2014 Conference and Defcon 22
Blackhat 2014 Conference and Defcon 22 dandb-technology
 
.NET Security Topics
.NET Security Topics.NET Security Topics
.NET Security TopicsShawn Gorrell
 
Web Security Overview and Demo
Web Security Overview and DemoWeb Security Overview and Demo
Web Security Overview and DemoTony Bibbs
 
Web App Sec Tisc
Web App Sec TiscWeb App Sec Tisc
Web App Sec TiscAung Khant
 
Protecting Web Based Applications
Protecting Web Based ApplicationsProtecting Web Based Applications
Protecting Web Based ApplicationsAung Khant
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection PaperAung Khant
 
Web Firewall Criteriav1.0
Web Firewall Criteriav1.0Web Firewall Criteriav1.0
Web Firewall Criteriav1.0Aung Khant
 
Trust Survey Online Banking
Trust Survey Online BankingTrust Survey Online Banking
Trust Survey Online BankingAung Khant
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php AppAung Khant
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith PatternsAung Khant
 
Secure coding-guidelines
Secure coding-guidelinesSecure coding-guidelines
Secure coding-guidelinesTrupti Shiralkar, CISSP
 
Challenges of integrating code signing with CI.pdf
Challenges of integrating code signing with CI.pdfChallenges of integrating code signing with CI.pdf
Challenges of integrating code signing with CI.pdfSavinder Puri
 
Node.js security tour
Node.js security tourNode.js security tour
Node.js security tourGiacomo De Liberali
 
Common Gateway Interface ppt
Common Gateway Interface pptCommon Gateway Interface ppt
Common Gateway Interface pptOECLIB Odisha Electronics Control Library
 
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)CSCJournals
 
‘CodeAliker’ - Plagiarism Detection on the Cloud
‘CodeAliker’ - Plagiarism Detection on the Cloud ‘CodeAliker’ - Plagiarism Detection on the Cloud
‘CodeAliker’ - Plagiarism Detection on the Cloud acijjournal
 
10290057.ppt
10290057.ppt10290057.ppt
10290057.pptImXaib
 
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case StudyFinding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case StudyDevOps.com
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersPVS-Studio
 
Cgi
CgiCgi
CgiGirish Srivastava
 
Online java compiler with security editor
Online java compiler with security editorOnline java compiler with security editor
Online java compiler with security editorIRJET Journal
 
Top 10 static code analysis tool
Top 10 static code analysis toolTop 10 static code analysis tool
Top 10 static code analysis toolscmGalaxy Inc
 
FuzzyDbg_Report.pdf
FuzzyDbg_Report.pdfFuzzyDbg_Report.pdf
FuzzyDbg_Report.pdfritviktanksalkar1
 
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It PosesEnterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It PosesAlex Senkevitch
 
php blunders
php blundersphp blunders
php blundersdecatv
 

Contenu connexe

En vedette

Web App Sec Tisc
Web App Sec TiscWeb App Sec Tisc
Web App Sec TiscAung Khant
 
Protecting Web Based Applications
Protecting Web Based ApplicationsProtecting Web Based Applications
Protecting Web Based ApplicationsAung Khant
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection PaperAung Khant
 
Web Firewall Criteriav1.0
Web Firewall Criteriav1.0Web Firewall Criteriav1.0
Web Firewall Criteriav1.0Aung Khant
 
Trust Survey Online Banking
Trust Survey Online BankingTrust Survey Online Banking
Trust Survey Online BankingAung Khant
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php AppAung Khant
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith PatternsAung Khant
 

En vedette (7)

Web App Sec Tisc
Web App Sec TiscWeb App Sec Tisc
Web App Sec Tisc
 
Protecting Web Based Applications
Protecting Web Based ApplicationsProtecting Web Based Applications
Protecting Web Based Applications
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection Paper
 
Web Firewall Criteriav1.0
Web Firewall Criteriav1.0Web Firewall Criteriav1.0
Web Firewall Criteriav1.0
 
Trust Survey Online Banking
Trust Survey Online BankingTrust Survey Online Banking
Trust Survey Online Banking
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php App
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith Patterns
 

Similaire à Secure Scripting

Challenges of integrating code signing with CI.pdf
Challenges of integrating code signing with CI.pdfChallenges of integrating code signing with CI.pdf
Challenges of integrating code signing with CI.pdfSavinder Puri
 
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)CSCJournals
 
‘CodeAliker’ - Plagiarism Detection on the Cloud
‘CodeAliker’ - Plagiarism Detection on the Cloud ‘CodeAliker’ - Plagiarism Detection on the Cloud
‘CodeAliker’ - Plagiarism Detection on the Cloud acijjournal
 
10290057.ppt
10290057.ppt10290057.ppt
10290057.pptImXaib
 
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case StudyFinding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case StudyDevOps.com
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersPVS-Studio
 
Online java compiler with security editor
Online java compiler with security editorOnline java compiler with security editor
Online java compiler with security editorIRJET Journal
 
Top 10 static code analysis tool
Top 10 static code analysis toolTop 10 static code analysis tool
Top 10 static code analysis toolscmGalaxy Inc
 
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It PosesEnterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It PosesAlex Senkevitch
 
php blunders
php blundersphp blunders
php blundersdecatv
 
IRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of CodeIRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of CodeIRJET Journal
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsIJTET Journal
 
Program security
Program securityProgram security
Program securityG Prachi
 
DEF CON 23 - Saif el-sherei and etienne stalmans - fuzzing
DEF CON 23 - Saif el-sherei and etienne stalmans - fuzzingDEF CON 23 - Saif el-sherei and etienne stalmans - fuzzing
DEF CON 23 - Saif el-sherei and etienne stalmans - fuzzingFelipe Prado
 

Similaire à Secure Scripting (20)

Secure coding-guidelines
Secure coding-guidelinesSecure coding-guidelines
Secure coding-guidelines
 
Challenges of integrating code signing with CI.pdf
Challenges of integrating code signing with CI.pdfChallenges of integrating code signing with CI.pdf
Challenges of integrating code signing with CI.pdf
 
Node.js security tour
Node.js security tourNode.js security tour
Node.js security tour
 
Common Gateway Interface ppt
Common Gateway Interface pptCommon Gateway Interface ppt
Common Gateway Interface ppt
 
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
 
‘CodeAliker’ - Plagiarism Detection on the Cloud
‘CodeAliker’ - Plagiarism Detection on the Cloud ‘CodeAliker’ - Plagiarism Detection on the Cloud
‘CodeAliker’ - Plagiarism Detection on the Cloud
 
10290057.ppt
10290057.ppt10290057.ppt
10290057.ppt
 
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case StudyFinding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzers
 
Cgi
CgiCgi
Cgi
 
Online java compiler with security editor
Online java compiler with security editorOnline java compiler with security editor
Online java compiler with security editor
 
Top 10 static code analysis tool
Top 10 static code analysis toolTop 10 static code analysis tool
Top 10 static code analysis tool
 
FuzzyDbg_Report.pdf
FuzzyDbg_Report.pdfFuzzyDbg_Report.pdf
FuzzyDbg_Report.pdf
 
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It PosesEnterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
 
php blunders
php blundersphp blunders
php blunders
 
IRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of CodeIRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of Code
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
 
Program security
Program securityProgram security
Program security
 
Staying above a rising security waterline.
Staying above a rising security waterline.Staying above a rising security waterline.
Staying above a rising security waterline.
 
DEF CON 23 - Saif el-sherei and etienne stalmans - fuzzing
DEF CON 23 - Saif el-sherei and etienne stalmans - fuzzingDEF CON 23 - Saif el-sherei and etienne stalmans - fuzzing
DEF CON 23 - Saif el-sherei and etienne stalmans - fuzzing
 

Plus de Aung Khant

Introducing Msd
Introducing MsdIntroducing Msd
Introducing MsdAung Khant
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server IbmAung Khant
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design PatternsAung Khant
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code ReviewAung Khant
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering ExecutiveAung Khant
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web ServersAung Khant
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web AppAung Khant
 
Session Fixation
Session FixationSession Fixation
Session FixationAung Khant
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv OwaspAung Khant
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security IissuesAung Khant
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White PaperAung Khant
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementAung Khant
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1Aung Khant
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege EscalationAung Khant
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security WorkshopAung Khant
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApacheAung Khant
 
Protecting Web App
Protecting Web AppProtecting Web App
Protecting Web AppAung Khant
 
Search Attacks
Search AttacksSearch Attacks
Search AttacksAung Khant
 

Plus de Aung Khant (20)

Introducing Msd
Introducing MsdIntroducing Msd
Introducing Msd
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server Ibm
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design Patterns
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code Review
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering Executive
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web Servers
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web App
 
Session Fixation
Session FixationSession Fixation
Session Fixation
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security Iissues
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White Paper
 
S Shah Web20
S Shah Web20S Shah Web20
S Shah Web20
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec Management
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege Escalation
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security Workshop
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl Apache
 
Protecting Web App
Protecting Web AppProtecting Web App
Protecting Web App
 
Ruby Security
Ruby SecurityRuby Security
Ruby Security
 
Search Attacks
Search AttacksSearch Attacks
Search Attacks
 

Dernier

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Dernier (20)

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 

Secure Scripting

  • 1. A BRIEF INTRODUCTION TO SECURE SCRIPTING Contents 1. Introduction 2. Input taint checking 3. String manipulation 4. File manipulation 5. Use of system calls 6. Variable declaration 1. Introduction These days there are a lot of people that release scripts and programs on to the Internet which people will then download and use without a second thought that they may contain the simplest of security holes which can allow malicious people to attack their servers. In this paper i intend to address some of the common mistakes that are made by the programmers releasing these programs, and how it should be written properly. The paper will mainly focus on Common Gateway Interface (CGI) scripts with examples written in perl (in my opinion the most common language used to write CGI scripts). The paper is, however, relevant to all languages, not just perl. The main way in which CGI scripts are exploited is by a user presenting it with values that