[CentOS] Strange Apache log entry
keith at karsites.net
Sat Aug 28 20:41:06 UTC 2010
On Sat, 28 Aug 2010, Bob McConnell wrote:
> To: CentOS mailing list <centos at centos.org>
> From: Bob McConnell <rmcconne at lightlink.com>
> Subject: Re: [CentOS] Strange Apache log entry
> The best way to attack this problem is to take a close look at the known
> issues and make sure your code doesn't expose any of them. Start by
> reading the OWASP web site. Their annual Top Ten list of
> vulnerabilities is a good place to start. They also have sample code
> snippets in a variety of languages to sanitize and validate input. We
> utilize both their recommendations and code in a number of our sites. It
> gives us a good start toward PCI compliance.
> Another excellent resource is the "SANS-CWE Top 25 Most Dangerous
> Programming Errors". This applies to all applications that have
> network access, not just web pages. The press release explains what
> the list contains.
> Bob McConnell
>  <http://www.owasp.org/index.php/Main_Page>
>  <http://www.owasp.org/index.php/OWASP_Top_Ten_Project>
>  <http://www.sans.org/top25-software-errors/>
>  <http://www.sans.org/top25-software-errors/press-release.php>
Thanks Bob, and everybody else that made suggestions. I've
saved this email for further reference.
So if you are offering web hosting services, it's a fine
balance between securing the server, and allowing users to
write their own scripts (which may have vulnerabilities) to
host on your server?