[CentOS] Strange Apache log entry

Keith Roberts keith at karsites.net
Sat Aug 28 20:41:06 UTC 2010

On Sat, 28 Aug 2010, Bob McConnell wrote:

> To: CentOS mailing list <centos at centos.org>
> From: Bob McConnell <rmcconne at lightlink.com>
> Subject: Re: [CentOS] Strange Apache log entry
>
> The best way to attack this problem is to take a close look at the known
> issues and make sure your code doesn't expose any of them. Start by
> reading the OWASP[1] web site. Their annual Top Ten[2] list of
> vulnerabilities is a good place to start. They also have sample code
> snippets in a variety of languages to sanitize and validate input. We
> utilize both their recommendations and code in a number of our sites. It
> gives us a good start toward PCI compliance.
>
> Another excellent resource is the "SANS-CWE Top 25 Most Dangerous
> Programming Errors"[3]. This applies to all applications that have
> network access, not just web pages. The press release[4] explains what
> the list contains.
>
> Bob McConnell
>
> [1] <http://www.owasp.org/index.php/Main_Page>
> [2] <http://www.owasp.org/index.php/OWASP_Top_Ten_Project>
> [3] <http://www.sans.org/top25-software-errors/>
> [4] <http://www.sans.org/top25-software-errors/press-release.php>

Thanks Bob, and everybody else that made suggestions. I've
saved this email for further reference.

So if you are offering web hosting services, it's a fine
balance between securing the server, and allowing users to
write their own scripts (which may have vulnerabilities) to
host on your server?

