This is a collection of examples showing poor web application security practices and examples of how to resolve them. The examples are all provided using PSGI and Plack.
This was originally created by Sterling Hanenkamp as part of a presentation to the Pittsburgh Perl Workshop 2011 using the 2010 version of the Open Web Application Security Project's Top 10 List. It has been updated since for the 2011 and 2013 versions of the Top Ten.
I hope to continue to maintain it as an example of best practice. I provide no warranty that any of these problems or solutions are actual best practice, but they are an attempt toward it.
If you would like to contribute or find a problem, please let me know using one of the many possible communication mechanisms available on github.
All of the code in these examples is made available under the Artistic 2.0 License or the GPL 2.0, whichever you prefer.
Copyright 2016 Andrew Sterling Hanenkamp.