Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

Comment: added references for taint info

...

The CERT Oracle Secure Coding Standard for Java	IDS00-J. Sanitize untrusted data passed across a trust boundary
CERT C Secure Coding Standard	STR02-C. Sanitize data passed to complex subsystems
CERT C++ Secure Coding Standard	STR02-CPP. Sanitize data passed to complex subsystems

Bibliography

Birznieks, Gunther, "CGI/Perl Taint Mode FAQ Version 1.0", June 3, 1998

[CPAN] Stosberg, Mark. CGI

[CPAN] Bunce, Tim. DBI

Lester, Andy. "Perl's taint mode to the rescue", O'Reilly OULamp.com. Friday November 17, 2006 1:51PM

Vulnerability Note VU#246409: "Input validation error in quikstore.cgi allows attackers to execute commands"

Vulnerability Note VU#282403: "AdCycle does not adequately validate user input thereby allowing for SQL injection"

[Wall 2011] perlsec

...