[CentOS] Strange Apache log entry

Keith Roberts keith at karsites.net
Sat Aug 28 20:41:06 UTC 2010


On Sat, 28 Aug 2010, Bob McConnell wrote:

> To: CentOS mailing list <centos at centos.org>
> From: Bob McConnell <rmcconne at lightlink.com>
> Subject: Re: [CentOS] Strange Apache log entry
> 
> The best way to attack this problem is to take a close look at the known
> issues and make sure your code doesn't expose any of them. Start by
> reading the OWASP[1] web site. Their annual Top Ten[2] list of
> vulnerabilities is a good place to start. They also have sample code
> snippets in a variety of languages to sanitize and validate input. We
> utilize both their recommendations and code in a number of our sites. It
> gives us a good start toward PCI compliance.
>
> Another excellent resource is the "SANS-CWE Top 25 Most Dangerous
> Programming Errors"[3]. This applies to all applications that have
> network access, not just web pages. The press release[4] explains what
> the list contains.
>
> Bob McConnell
> N2SPP
>
> [1] <http://www.owasp.org/index.php/Main_Page>
> [2] <http://www.owasp.org/index.php/OWASP_Top_Ten_Project>
> [3] <http://www.sans.org/top25-software-errors/>
> [4] <http://www.sans.org/top25-software-errors/press-release.php>
>
Thanks Bob, and everybody else that made suggestions. I've 
saved this email for further reference.

So if you are offering web hosting services, it's a fine 
balance between securing the server and allowing users to 
write their own scripts (which may have vulnerabilities) to 
host on your server?

Keith


