July 11, 2018
Securing Flask web applications
In this post I’d like to investigate security mechanisms available in Flask. I’ll go through different types of possible vulnerabilities and the way they can be mitigated.
XSS

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. (source)
Exploit

Consider a form asking for user input:

    <form method="post" action="/">
        <input type="text" name="tweet"><br>
        <input type="submit">
    </form>

And a template that shows tweets by other users, where the user input from the form above is passed through unprocessed:
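As an added illustration (not code from the original post), the following Python snippet contrasts the two ways the tweet template can interpolate the input from the form above: verbatim, as the post describes, and HTML-escaped, which is the transformation Jinja2 applies when autoescaping is on (Flask's default for `.html` templates rendered with `render_template`). It uses the standard library's `html.escape` rather than Jinja2 so it runs without Flask installed; the tweet values and the `PAGE` skeleton are constructed sample data.

```python
import html

# Constructed sample data (not from the original post): one harmless tweet
# and one carrying a script tag, the kind of input an XSS attack relies on.
SAMPLE_TWEETS = [
    "Just deployed my Flask app!",
    '<script>alert("xss")</script>',
]

# Minimal page skeleton standing in for the tweet-listing template.
PAGE = "<html><body><ul>{items}</ul></body></html>"


def render_unprocessed(tweets):
    """Vulnerable: interpolates user input verbatim, which is what a template
    does with autoescaping disabled or with the ``|safe`` filter applied."""
    items = "".join(f"<li>{t}</li>" for t in tweets)
    return PAGE.format(items=items)


def render_escaped(tweets):
    """Hardened: HTML-escape every tweet before interpolation. This is the
    same transformation Jinja2 autoescaping performs: < > & " ' become
    entities, so the browser displays the text instead of executing it."""
    items = "".join(f"<li>{html.escape(t, quote=True)}</li>" for t in tweets)
    return PAGE.format(items=items)


def contains_script_tag(rendered_html):
    """Check usable in a unit test: does the rendered page contain a live
    <script> element? Escaped output only ever contains '&lt;script&gt;'."""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    for name, render in (("unprocessed", render_unprocessed),
                         ("escaped", render_escaped)):
        out = render(SAMPLE_TWEETS)
        print(f"{name}: live script tag present = {contains_script_tag(out)}")
        print(out)
```

In a Flask app the escaped behaviour is the default; the unprocessed behaviour is what you get by wrapping user input in `Markup()`, applying the `|safe` filter, or rendering inside an `{% autoescape false %}` block, all of which should be reserved for markup the application generated itself. A test like `contains_script_tag` over the rendered output is a cheap regression guard for any view that displays user-supplied text.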