On Sat, 28 Aug 2010, Bob McConnell wrote:

> To: CentOS mailing list <centos at centos.org>
> From: Bob McConnell <rmcconne at lightlink.com>
> Subject: Re: [CentOS] Strange Apache log entry
>
> The best way to attack this problem is to take a close look at the known
> issues and make sure your code doesn't expose any of them. Start by
> reading the OWASP[1] web site. Their annual Top Ten[2] list of
> vulnerabilities is a good place to start. They also have sample code
> snippets in a variety of languages to sanitize and validate input. We
> utilize both their recommendations and code in a number of our sites. It
> gives us a good start toward PCI compliance.
>
> Another excellent resource is the "SANS-CWE Top 25 Most Dangerous
> Programming Errors"[3]. This applies to all applications that have
> network access, not just web pages. The press release[4] explains what
> the list contains.
>
> Bob McConnell
> N2SPP
>
> [1] <http://www.owasp.org/index.php/Main_Page>
> [2] <http://www.owasp.org/index.php/OWASP_Top_Ten_Project>
> [3] <http://www.sans.org/top25-software-errors/>
> [4] <http://www.sans.org/top25-software-errors/press-release.php>

Thanks Bob, and everybody else that made suggestions. I've saved this email for further reference.

So if you are offering web hosting services, it's a fine balance between securing the server and allowing users to write their own scripts (which may have vulnerabilities) to host on your server?

Keith