Perl Security: 8. Randomly organized extras
Safe CGI programming

If the last article was worryingly and surprisingly still valid having been written in 1999, here is a complete stunner: Written in 1995, this article by Paul Phillips (http://www.go2net.com/people/paulp/cgi-security/safe-cgi.txt) STILL raises some very important points, mistakes we sadly see everyday:

'nobody' *IS* a valid system user, and it *IS* dangerous having an attacker 'get nobody'. It is a good first step towards getting r00t.

Running code without validation

Validating only what gets run with system() (what about exec? Backticks? Pipes?)

And more.