Tag: web applications

Issues with JWT

I hoped this would never happen, but here we go. I have problems with managing to deliver an article for Wednesday not because I have so little time, but because I have no idea for an article. I’ve fooled around a little bit with network recon labs on Pentester Academy, I’ve fooled around python imports, […]

CSRF Protection – Part 2

Before I begin, I owe you an apology. In previous part I told that I would like to describe prevention mechanism, but when I got down to coding, I thought that this would be rather tedious and uninteresting. If you want to see how it works, just go to Flask’s WTF forms extension on github […]

CSRF protection – part 1.

CSRF – Cross Site Request Forgery is an attack in which the user performs unauthorized actions on a web page they are signed in to. In this article I will describe the theory behind it and in next part, I’ll give you some code to fool around with. What is the problem? Imagine you are […]

XSS in Django Admin

AS web developer my every day tasks involve working with Django which I like since it’s quite secure framework (compare with CVE list). Nevertheless as some say: “shit happens” and vulnerabilities are found. Some time ago a problem in admin panel that allowed for XSS attacks was discovered. Example application In order to give you […]