Python Flask XSS - Escape Characters - SQL injection - Cross-Site Scripting - OWASP - Web Security

preview_player
Показать описание
This is a quick video, that cuts right to the point for escaping and protection Flask and other Python web frameworks from the perils of XSS/SQLi or SQL injection/XSRF/etc. Simply include the following in your Flask project.. import flask with escape and apply format and escape to your input(s) ex. username below:
from flask import Flask, request, escape
  1. Noirth Security
  2. xss
  3. python
  4. flask
  5. cross-site scripting
  6. sql
Рекомендации по теме
Python Flask XSS 0:01:04

Python Flask XSS - Escape Characters - SQL injection - Cross-Site Scripting - OWASP - Web Security

How to secure 0:19:30

How to secure our flask app from xss attacks using html module

Flask XSS 0:00:46

Flask XSS

Cross-Site Scripting (XSS) 0:09:31

Cross-Site Scripting (XSS) Explained And Demonstrated By A Pro Hacker!

Python Jail Escape 0:17:00

Python Jail Escape and RCE on a Flask App - Basilic CTF Ep2

XSS ATTACKS | 0:33:20

XSS ATTACKS | Python

XSS DETECTOR - 0:06:44

XSS DETECTOR - PYTHON

Python Flask App 0:09:52

Python Flask App H.A.C.K.E.D - Basilic CTF Ep1

Python Flask CSRF 0:08:56

Python Flask CSRF Protection and Attack Demo

ESCALATING SSTI TO 0:03:48

ESCALATING SSTI TO RCE IN FLASK APPLICATION

What s the 0:04:30

What s the easiest way to escape HTML in Python

Twenty19 fun Project 0:07:08

Twenty19 fun Project Hacking ( Realtime Hacking : XSS , using python script)

IFrame Parent XSS 0:32:03

IFrame Parent XSS - HackTheBox Cyber Apocalypse CTF

Cross Site Scripting 0:11:37

Cross Site Scripting (XSS) tutorial for Beginners

XSS - Vulnerability 0:31:45

XSS - Vulnerability which we deserve (with English subtitles)

XSS Attacks | 0:00:47

XSS Attacks | Cross Site Scripting Explained #shorts

Bug Bounty POC 0:01:16

Bug Bounty POC - XSS attack

SecDim Play: How 0:15:26

SecDim Play: How To Run and Test Challenges Locally - Fix XSS in Flask

PYTHON : How 0:01:11

PYTHON : How to get http headers in flask?

Understanding Cross-site Request 0:12:03

Understanding Cross-site Request Forgery (CSRF) Attacks

CIS30C Unit 11 1:35:48

CIS30C Unit 11 Lecture: Flask and Web App Vulnerability Assessment in Python.

Reassembling Werkzeug's Pin 0:19:10

Reassembling Werkzeug's Pin - Hacking Flask Debug Mode [Part 1]

Macros | Python 0:32:24

Macros | Python Jinja şablonu #3 | Jinja templating in Python part3 | Flask framework #kody_az

How can I 0:04:14

How can I make HTML safe for web browser with python

Комментарии
Автор


Want another free pro-anti-1337-hax tip? Sure.. just cd into your directory with all your Python files relevant to your Flask or other web-based app. And run these simple commands:
grep -in *py

While this is not completely exhaustive, this should make spotting input areas simpler. Just find how your inputs are declared, and make sure the variables are securely handled. You may point the above grep into various directories to be more exhaustive. The reason to not just apply the recursive flag is because you will end up with a bunch of in-built Python scripts spitting across your terminal. Good luck - stay well

Last edit: if your grep results look something like this:
username = request.args.get('username')
You might want to change that to this:
username =

Because the format(escape( ... is what is going to "make safer" the input, well from common XSS attacks.

noirth-security
welcome to shbcf.ru