July 11, 2018

Securing Flask web applications

In this post I’d like to investigate security mechanisms available in Flask. I’ll go through different types of possible vulnerabilities and the way they can be mitigated. XSS Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. source Exploit Consider a form asking for a user input. <form method="post" action="/"> <input type="text" name="tweet"><br> <input type="submit"> </form> And a template to show tweets by other users where user input from above form passed unprocessed: Read more

© Alexey Smirnov 2021