Web Security

vurnabilities

1. Session Hijacking
2. Cache Poisoning
3. Cross site request forgery CSRF
4. Cross Site scripting XSS
5. Clickjacking
6. SQL Injection
7. Cross Origin Resource Sharing CORS (opens new window)

Securoty Features

1. Session Security

Security Concepts

What is a Session? (opens new window)

• HTTP session token - generated by server and sent to client

• It is not advisable to make sessionID redable @client as then site becomes suseptable to XSS attacks (opens new window)

  • sessionID cookie is hidden from HTTP/js world

• In django, django.contrib.sessions.middleware.SessionMiddleware

• Session database backends.base.SessionBase

• Request session in views, request.session dictionary type DS

HTTP cookie

1. Server -> Browser using set-cookie header (opens new window)
2. Browser(for all subsequent requests) -> Server

do not leak the cookie at client using HTTPOnly (opens new window)

Subscribe to our Newsletter

If you like my work and think it was helpful kindly support my work