Security-aware programming with Perl

Arjan de Vet, Madison Gurkha
devet@madison-gurkha.com

Abstract

Security is no longer just about having a correctly configured firewall in place. More and more security vulnerabilities arise from badly written applications that can often be forced into doing things they were not supposed to do.

Many of those applications are written in Perl, which is especially popular for web sites. However, the power of the Perl language also makes those applications an attractive target for people with bad intentions. And the majority of web programmers program for 'cool' functionality only.

This talk will discuss examples of past security problems in Perl scripts, offer hints and tips for avoiding security problems, and show how Perl can help you avoid them, although only to a certain extent.

About the author

Arjan de Vet studied Computing Science at Eindhoven University, where he also worked as a researcher for four years. After doing his military service he joined Philips C&P, nowadays called Atos Origin, in 1995, where he worked on a wide range of Internet-related topics with a strong focus on security. As of July 1st, 2001 he is a partner and security consultant at Madison Gurkha, a company specializing in security. Throughout his career he has used Perl, with a special interest in writing and auditing scripts that can be used with elevated privileges or in hostile environments (like a webserver on the public Internet).