...
Automated Detection
Tool | Diagnostic | Notes |
---|---|---|
Taint mode | Insecure dependency in parameter \d* of DBI::db=.* method call | Catches SQL injection. |
Related Guidelines
The CERT Oracle Secure Coding Standard for Java | IDS00-J. Sanitize untrusted data passed across a trust boundary |
...
[Birznieks] | Birznieks, Gunther, CGI/Perl Taint Mode FAQ, Version 1.0, June 3, 1998 |
---|---|
[CPAN] | Bunce, Tim. DBI |
[CPAN] | Stosberg, Mark. CGI |
[Lester] | Lester, Andy. "Perl's taint mode to the rescue," O'Reilly ONLamp.com, November 17, 2006 |
[VU#246409] | Input validation error in quikstore.cgi allows attackers to execute commands |
[VU#282403] | AdCycle does not adequately validate user input thereby allowing for SQL injection |
[Wall 2011] | perlsec |
...
...