“In a short span of years (since 1992, in fact), the Web has
exploded from nonexistence to the gazillions of Web sites found
today. As the Web has grown, so too have the capabilities of Web
technologies. This article focuses on writing CGI scripts: software
that lives on the Web and that, not surprisingly, has critical
security implications.”
“Writing secure CGI scripts is a particularly important
topic because crackers love to hack sites through Web servers (and
other common services), and the best way to nail a Web server is
through CGI (Common Gateway Interface) security problems. In
fact, a number of scripts for finding common CGI vulnerabilities
using simple automated scanning have been floating around the among
“script kiddies” for quite a while (phfscan.c and SiteScan are two
examples)….”
“Despite the existence of new technologies such as ASP
(Application Server Pages), DHTML (Dynamic HTML), and Java
servlets, CGI scripts are still widely used as server-side
solutions to making the Web more dynamic and interactive. CGI
scripts generally allow more flexibility in the choice of
programming language and architecture. You can write a CGI script
in pretty much any programming language under the sun….”