
Unix/Linux/GNU/HTML/CGI Resources

The Web Developer Virtual Library Tutorials (a complete set of introductory tutorials)

Learning the VI text editor

VI LOVERS HOME PAGE vi Editor Resources (VI text editor tutorial)

Quick Vi Tutorial

Advanced Vi Tutorial

CTC Tutorial on vi (Cornell Tutorial on the vi text editor)

Installing Linux (Carlos Azevedo's FastTrack web) (How to install Linux) (Linux installation and getting started) (Installing Linux)

news:comp.os.linux.setup (Usenet News Group with discussions about setting up Linux.) (Installing the Debian distribution of Linux.) (Installing Red Hat) (Installing Slackware) (Linux Documentation Project - online books; search engines)

Linux MAN Pages Indexed HTML Version - "A Gift to Linux Users: HTML version of the MAN pages. I'm trying to understand Linux and the documentation sucks. My brain is so full that in order to learn something new I have to forget something to make room for it. So I need docs that I can read and search. I'm sure I speak for a lot of people besides myself that the biggest barrier to Linux is the documentation. It doesn't matter how good it is if you can't figure out how to use it."

Linux Homes and Software (Linux software for download) (Red Hat Linux for Sparc)

Basic Programming

Basic Programming: Loops in Java (applicable to any programming language, e.g. shell, Perl)


The Web Developer Virtual Library: A Taste of Perl

Elara Webdirectory PERLTutorials

Robert's Perl Tutorial (Perl: A Quick Reference and Tutorial)

Elara Webdirectory PERL

Plan - Perl CGI Interactive Tutorial (Perl Tutorial)

A perl Tutorial by Will Morse

A Perl Tutorial Super-Basics

Shell Scripting (Tutorial on Shell Scripts [mostly C Shell])

URL / HTML / CGI / Database

The Web Developer Virtual Library: The Beginners Page

A Beginner's Guide to URLs

NCSA--A Beginner's Guide to HTML Home Page

CGI for the Total Non-Programmer - a tutorial

Elara Webdirectory CGITutorialsProgramming_in_Perl

Web Review - A Complete Database Application in Perl

Elara Webdirectory PERLTutorialsRegular_Expressions

Regular Expressions / sed / grep / vi

Appendix A

Regular Expressions are a powerful pattern-matching language.

To see what's possible once you learn Regular Expressions, read what a Perl master has to say: (Using Regular Expressions)

For help learning Regular Expressions in the vi text editor see "Searching and Replacing text" in this tutorial: (Linux User Guide: Advanced vi Tutorial) (alternate source) (alternate source)

Some materials on learning Regular Expressions: (Tutorial on R.E. in Perl) (Perl Regular Expression "man" page) (Perl Regular Expressions) (Perl Regular Expressions)

Here is a Java applet that lets you experiment with Regular Expressions online: (Java Perl Regular Expression evaluator)

sed, Perl and Regular Expressions

Regular Expressions

Perl Tutorial - First Meeting - Regular Expressions (With cool Java applet!)

82.562 Perl Patterns

Sed Tutorial

Searching and replacing text

Regular Expression in JavaScript 1.2 - Regular Expressions Introduction

Unix for Linguists Regular Expressions

Perl Tutorial (Regular Expressions)

Perl tutorial String matching (Regular Expressions)

Regular expressions (in the FrexxEd editor) (Regular Expressions in Perl)


95.105 Course Notes (At Carleton University)



Linux Administrators Security Guide (LASG)

Rootshell: Network Security incidents and exploits

The WWW Security FAQ

National Security Institute Security Resource Net

Apache Week: Using User Authentication

Bugtraq mailing list archives

L0pht Heavy Industries (Software to find holes and to break into systems)

Dan Farmer: COPS, SATAN, etc.

Deception ToolKit (Make your system appear to be hackable)

Network Security Solutions Ltd. - White Papers and Advisories

A day in the life of a typical Internet host

Computer Virus Myths home page

Securing NIS

Enterprise Network Security and Risk Management


The Web Developer Virtual Library: UNIX (Unix/Linux Filesystem Hierarchy Standard [FHS]) (Unix resources) (Unix Guru Universe) (An online Unix course, text, and study guide by David Jones in Australia)

Microsoft Windows NT Server 4.0 versus UNIX (The technical merits of Unix.) (Linux popularity grows) (GNU Awk Users Guide) (Ethernet IP/ARP packet simulations) (Alt.Fan.Warlord - the art of signatures)

Unix - Frequently Asked Questions - Why do some scripts start with #! ...

The Economist (Hackers Rule - on Open Source Software)

Mastery of Unix

"Mastery of UNIX, like mastery of language, offers real freedom. The price of freedom is always dear, but there's no substitute. Personally, I'd rather pay for my freedom than live in a bitmapped, pop-up-happy dungeon like NT. I'm hoping that as IT folks become more seasoned and less impressed by superficial convenience at the expense of real freedom, they will yearn for the kind of freedom and responsibility UNIX allows. When they do, UNIX will be there to fill the need." - Thomas Scoville, The Elements of Unix Style: Unix as Literature


From Thu Dec 17 14:30:23 1998
From: Aleph One
Subject: Re: Learning security [SUMMARY]

This is a summary of the many (and I do mean many) replies. Thanks to
everyone that contributed.

Why do programmers write unsafe code?

- There is no curriculum that addresses computer security in most schools.
- Programming books/classes do not teach secure/safe programming techniques.
- No one uses formal verification methods.
- C is an unsafe language.
- The standard C library string functions are unsafe.
- Programmers do not think 'multiuser'.
- Programmers are human. Humans are lazy.
- Most programmers are simply not good programmers.
- Most programmers are not security people.
- Most security people are not programmers.
- Most computer security models suck.
- Lots of legacy code that is broken.
- Consumers don't care about security.
- Cost in extra developing time.
- Cost in extra testing.

What secure programming resources are available?


"How Attackers Break Programs, and How to Write Programs Securely" by M. Bishop.


UC Davis ECS153 "Introduction to Computer Security" (M. Bishop)

EnGarde's Secure Programming Tutorial


"Designing Secure Software" by Peter Galvin

"The Unix Secure Programming FAQ" by Peter Galvin

"A Lab engineers check list for writing secure Unix code" by AUCERT

"How to find security holes" by Kragen Sitaker

"setuid - checklist for security of setuid programs"

"perlsec - Perl security"


"Robust Programming" by M. Bishop

"How to Write a Setuid Program" by M. Bishop

"Security Code Review Guidelines" by Adam Shostack

Talks & Tutorials:

"Writing Safe Privileged Programs" by M. Bishop

"UNIX Security: Security in Programming" by M. Bishop

"Shifting the Odds: Writing (More) Secure Software" by Steve Bellovin


Books on writing secure software:

"Practical Unix and Internet Security" from O'Reilly & Associates
Chapter 22 "Writing Secure SUID and Network Programs"

Books on writing bug free software:

"Writing Solid Code" by Steve Maguire

"Code Complete" by Steve McConnell