I recently came across the OWASP project:

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

I was however quite disappointed to see that there was nothing about perl on it. Come on brothers! OWASP was founded in 2001, and perl in 1987. So why not? Anyway I dived in and started a page: http://www.owasp.org/index.php/Perl. And I am posting this to try and drum some interest.

As far as I can see Catalyst is never run under taint mode. I hit similar problems with CGI::Application::Plugin::Authentication, until I persuaded Cees Hek to grant me co-maintainer status. Of course taint mode could be rendered useless by simply having the framework detaint everything - that defeats the purpose of taint mode. A more proactive and holistic and systematic approach is required, which is why I think we should be getting involved in this.

Edit: Okay, the thread has gone in a different (though still useful) direction. Let me rephrase the post. I think perl should be a bigger part of OWASP. What do the monks think is the best way of going about this?
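To illustrate the point about frameworks defeating taint mode, here is an added example (my own, not code from the post, Catalyst or CGI::Application): a catch-all detaint beside a per-field allowlist, with Scalar::Util::tainted showing which values actually leave taint mode's protection. The only assumption is that it is run as `perl -T script.pl` so the -T switch is honoured.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample input: under -T anything from %ENV, STDIN or a CGI
# request is tainted. A zero-length substr of $ENV{PATH} carries the taint
# onto a literal, which is the usual idiom for demonstrating this.
sub tainted_copy {
    my ($value) = @_;
    return $value . substr($ENV{PATH}, 0, 0);
}

# What "detaint everything" in a framework amounts to: a catch-all capture
# that launders any value without checking it. Taint mode now protects nothing.
sub detaint_blindly {
    my ($value) = @_;
    my ($clean) = $value =~ /\A(.*)\z/s;
    return $clean;
}

# What taint checking is meant to encourage: an explicit allowlist per field.
# Returns undef when the input does not match, so the caller has to handle it.
sub detaint_username {
    my ($value) = @_;
    my ($clean) = $value =~ /\A([A-Za-z0-9_]{1,32})\z/;
    return $clean;
}

my $good = tainted_copy('silas_42');
my $bad  = tainted_copy('silas; rm -rf /');

printf "%-22s tainted=%d\n",  'raw input',           tainted($good) ? 1 : 0;
printf "%-22s tainted=%d\n",  'blind detaint (bad)', tainted(detaint_blindly($bad)) ? 1 : 0;
printf "%-22s tainted=%d\n",  'allowlist (good)',    tainted(detaint_username($good)) ? 1 : 0;
printf "%-22s rejected=%d\n", 'allowlist (bad)',     defined detaint_username($bad) ? 0 : 1;

# Handing $bad, or the blindly detainted copy of it, to system() is the
# failure case: only the still-tainted original makes perl die with
# "Insecure dependency in system while running with -T switch".
```

The blind detaint returns an untainted string for the hostile input, so perl would let it reach system() or open() unchallenged; the allowlist version rejects it instead.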
