MP3 - SQLi, XSS, and CSRF WriteUp
A group of students identified and fixed several security vulnerabilities in a Python web application. They focused on SQL injection, CSRF, and XSS vulnerabilities, documenting their findings and solutions. The team successfully implemented parameterized queries to mitigate the risks associated with these vulnerabilities.
- ▪The application had seven SQL injection vulnerabilities, two CSRF vulnerabilities, and one XSS vulnerability.
- ▪The vulnerabilities were primarily due to the application concatenating user input directly into SQL query strings.
- ▪The team applied parameterized queries to fix the identified SQL injection issues.
Opening excerpt (first ~120 words) tap to expand
try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 3760057) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } 134A6_Thoughts Posted on May 30 MP3 - SQLi, XSS, and CSRF WriteUp #python #security #sql #webdev Introduction For Machine Problem 3, our group — Aki, Lark, and Carl — was tasked with finding and fixing security vulnerabilities in a sample web application written in Python (Flask) with sqlite3 as its database. The application has a login page and a posts page where users can view and create their own posts.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).
Discussion
0 commentsMore from DEV.to (Top)
