Re: Strange Apache log entry




On Sat, 28 Aug 2010, Bob McConnell wrote:

> To: CentOS mailing list <centos@xxxxxxxxxx>
> From: Bob McConnell <rmcconne@xxxxxxxxxxxxx>
> Subject: Re:  Strange Apache log entry
> 
> The best way to attack this problem is to take a close look at the known
> issues and make sure your code doesn't expose any of them. Start by
> reading the OWASP[1] web site. Their annual Top Ten[2] list of
> vulnerabilities is a good place to start. They also have sample code
> snippets in a variety of languages to sanitize and validate input. We
> utilize both their recommendations and code in a number of our sites. It
> gives us a good start toward PCI compliance.
>
> Another excellent resource is the "SANS-CWE Top 25 Most Dangerous
> Programming Errors"[3]. This applies to all applications that have
> network access, not just web pages. The press release[4] explains what
> the list contains.
>
> Bob McConnell
> N2SPP
>
> [1] <http://www.owasp.org/index.php/Main_Page>
> [2] <http://www.owasp.org/index.php/OWASP_Top_Ten_Project>
> [3] <http://www.sans.org/top25-software-errors/>
> [4] <http://www.sans.org/top25-software-errors/press-release.php>
>
Thanks Bob, and everybody else that made suggestions. I've 
saved this email for further reference.

So if you are offering web hosting services, it's a fine 
balance between securing the server, and allowing users to 
write their own scripts (which may have vulnerabilities) to 
host on your server?

Keith
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

