Special risks to CGI scripts

• Denial of Service
• Sending forged email
• Tricking CGI program into running commands
• Teach CGI programmers about safe CGI scripting habits
  • CERT's How To Remove Meta-characters From User-Supplied Data In CGI Scripts
  • The World Wide Web Security FAQ
  • NCSA's Writing secure CGI scripts
  • Security Code Review Guidelines by Adam Shostack (advanced)

[Next] | [Prev] | [Top]