...
Tool | Diagnostic | Notes |
---|---|---|
Taint mode | Insecure dependency in parameter \d* of DBI::db=.* method call | Catches SQL injection. |
Related Guidelines
SEI CERT C Secure Coding Standard | |
SEI CERT C++ Secure Coding Standard | |
CERT Oracle Secure Coding Standard for Java | IDS00-J. Sanitize untrusted data passed across a trust boundaryPrevent SQL injection |
Bibliography
[Birznieks 1998] | Birznieks, Gunther, CGI/Perl Taint Mode FAQ, Version 1.0, June 3, 1998 |
---|---|
[CGI 2005] | CGI.pm: A Perl5 CGI Library, Function-Oriented vs Object-Oriented Use |
[CPAN] | Bunce, Tim, DBI |
[CPAN] | Stosberg, Mark, CGI |
[Lester 2006] | Lester, Andy, "Perl's taint mode to the rescue," O'Reilly OULamp.com, November 17, 2006 |
[VU#246409] | Input validation error in quikstore.cgi allows attackers to execute commands |
[VU#282403] | AdCycle does not adequately validate user input thereby allowing for SQL injection |
[Wall 2011] | perlsec |
...