Perl Training Australia - Perl Security

Trainer: Paul Fenwick
Length: 1 day
Notes: Course notes
Target Audience: Intermediate and experienced Perl programmers who are working in the fields of
web programming, system administration, network programming, or other fields
with specific security requirements.

This course was rated Best Overall Tutorial at the SAGE-AU 2004 system administration
conference in Brisbane. The one day tutorial received an overall score of 4.8
out of 5, making it the highest ranking tutorial of the fifteen presented at the
conference.
This course covers how to use Perl to write secure programs. It investigates
Perl's in-built security features, as well as many commonly encountered issues
and their solutions.
While many techniques in this course are applicable to all operating systems,
parts of this course have a Unix-specific focus.
You will learn:
- What is computer security, why and when it matters.
- Perl's in-built tainting mechanism, how to use it, and what it does and does not protect you against.
- How to work with files on multi-tasking, multi-user operating systems. How to avoid symlink attacks, race conditions, and information disclosure.
- How to safely execute system commands. How to avoid the shell and handle shell meta-characters.
- How to safely manipulate Unix privileges in Perl for scripts running setuid/setgid, or with other elevated privileges.
- How to use Safe compartments and other sandboxing techniques to restrict the operations that Perl is permitted to perform.
- How to operate safely with databases. How taint interacts with Perl's DBI module. How to recognise and avoid SQL injection attacks.
- Unexpected interactions between Perl and C. How to safely clean up filesystem paths. How some of Perl's inbuilt functions may have unexpected results. A discussion of suidperl, its advantages and disadvantages.
Copyright 2001-2008 Perl Training Australia. Contact us at contact@perltraining.com.au