If not carefully designed, a software system that uses scripts (which are often read/writable to the end user) can be extremely vulnerable, not only to malicious attacks, but also to simple coding mistakes and typos made by well-intentioned users. The links on this page lead to various articles on how to make Lua scripts more robust and resistant to security holes, as well as applications of Lua in security solutions.
- See [Lua philosophy] - the small, robust, fast, embeddable nature of Lua can make it well suited for security applications
- [Lua bugs]
- ReadOnlyTables - How to make a table read-only
- SandBoxes - How to execute a script in a secure sandbox
- MemoryLimits - How to limit a script from using too much memory
- CpuLimits? - How to limit a script from using too much CPU time (search on debugging hooks)
- [sandcat] - web vulnerability scanner, with optional Lua scripting
- [modsecurity] - web applications firewall, with optional Lua scripting
- [wireshark] - network protocol analyzer, with optional Lua scripting
- More material is available [SecureProgramming] ([archive.org]).
RecentChanges · preferences
edit · history
Last edited May 14, 2022 10:37 pm GMT (diff)
