Perl and OWASP

James Laver london.pm at jameslaver.com
Sun Mar 28 18:26:59 BST 2010


On Sun, Mar 28, 2010 at 04:55:37PM +0100, Nicholas Bamber wrote:
>
> I am puzzled as to why there has hitherto been so little contact between
> Perl and OWASP. Is anybody out there interested in volunteering some of
> their coding and code reviewing efforts into improving the security of
> Perl-based web applications in a more systematic way? I have tried
> kicking things off with this page: http://www.owasp.org/index.php/Perl .
> I look forward to hearing from you guys.

I've got some things in the pipeline regarding it, though they're taking 
a back seat at the minute.

Part of the problem is the complexity of things and the number of 
libraries people use developing web apps. And Catalyst is an extremely 
complicated beast to top all of that off.

What is actually required is to systematically audit each library for 
potential pitfalls and see what the system as a larger entity 
potentially opens up in them. And all that could take some time.

--James

