Posts Tagged: owasp
-
Flask-Login Session Fixation Vulnerability: How to Regenerate Session IDs After Login
Flask-Login's login_user() writes the user's identity into the session the request arrived with and does not rotate the session identifier, so a session ID an attacker planted before authentication stays valid after it (session fixation; OWASP Top 10 A07:2021, Identification and Authentication Failures). Fix: discard the pre-authentication session and issue a fresh identifier immediately after login_user(). Note that Flask's default signed-cookie session exposes no session.regenerate(); the call shown in the post assumes a server-side session backend that provides one, otherwise clear the session and repopulate it after login. Includes code, an audit walkthrough, and tests.
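The failure mode and the fix, as an added framework-free model rather than the post's own code: a stand-in for a server-side, SID-keyed session store (the kind Flask-Session provides), a login that authenticates inside whatever session the request carried, and a login that rotates the SID first. The store, the two login functions and the attack driver are assumptions of this example; the only fact borrowed from Flask-Login is that login_user() records the identity under session["_user_id"]. Flask's default signed-cookie session has no server-side ID, so there the equivalent is clearing and rebuilding the session cookie after login.

```python
"""Session fixation against a SID-keyed session store, vulnerable vs. rotating login.

Added example, not the post's code. SessionStore is an assumed in-memory stand-in
for a server-side backend such as Flask-Session's; it is not that library's code.
"""
import secrets
from typing import Callable, Dict, Optional, Tuple

USER_KEY = "_user_id"  # the session key Flask-Login's login_user() writes the identity under


class SessionStore:
    """In-memory session backend keyed by session ID (SID). Assumed model."""

    def __init__(self) -> None:
        self._data: Dict[str, dict] = {}

    def new_sid(self) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits from the CSPRNG; unguessable
        self._data[sid] = {}
        return sid

    def get(self, sid: Optional[str]) -> Optional[dict]:
        return None if sid is None else self._data.get(sid)

    def rotate(self, old_sid: str) -> str:
        """Issue a fresh SID, carry the session data across, invalidate the old SID."""
        data = self._data.pop(old_sid, {})
        new_sid = secrets.token_urlsafe(32)
        self._data[new_sid] = data
        return new_sid


def login_fixable(store: SessionStore, request_sid: Optional[str], user_id: str) -> str:
    """Vulnerable pattern: authenticate inside whatever session the request arrived with."""
    if store.get(request_sid) is None:
        request_sid = store.new_sid()
    store.get(request_sid)[USER_KEY] = user_id  # this is all login_user() does to the session
    return request_sid


def login_rotating(store: SessionStore, request_sid: Optional[str], user_id: str) -> str:
    """Hardened pattern: drop the pre-auth SID and bind the identity to a brand-new one."""
    if store.get(request_sid) is not None:
        new_sid = store.rotate(request_sid)  # pre-login data (CSRF token, cart) survives
    else:
        new_sid = store.new_sid()
    store.get(new_sid)[USER_KEY] = user_id
    return new_sid


def current_user(store: SessionStore, sid: Optional[str]) -> Optional[str]:
    sess = store.get(sid)
    return None if sess is None else sess.get(USER_KEY)


LoginFn = Callable[[SessionStore, Optional[str], str], str]


def fixation_attack(login: LoginFn) -> Tuple[Optional[str], Optional[str]]:
    """Run a fixation attack against a login function.

    1. Attacker obtains a valid SID from the app and plants it in the victim's browser
       (cookie injection from a sibling subdomain, a URL-carried SID, an XSS elsewhere).
    2. Victim logs in; the request carries the planted SID.
    3. Attacker replays the planted SID. Returns (attacker_sees, victim_sees).
    """
    store = SessionStore()
    planted = store.new_sid()
    victim_sid = login(store, planted, "alice")
    return current_user(store, planted), current_user(store, victim_sid)


if __name__ == "__main__":
    print("fixable login: ", fixation_attack(login_fixable))   # ('alice', 'alice')
    print("rotating login:", fixation_attack(login_rotating))  # (None, 'alice')
```

The test for the fix is the last line of fixation_attack: after a rotating login the planted SID resolves to no user while the victim's new SID does, and the old SID is gone from the store entirely rather than merely emptied.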
-
Implementing Content Security Policy (CSP) Headers in Flask to Prevent XSS
Implement Content-Security-Policy headers in Flask with an @after_request hook, per-request nonces for inline scripts and styles, and Content-Security-Policy-Report-Only for a staged rollout, to limit what an XSS bug can execute. Covers directives, common violations, and verification.
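The header construction and the verification step, as an added example that is not the post's code: a per-request nonce, a policy builder that emits either the enforcing or the report-only header, and an audit function that flags the settings which most often leave a script-injection sink exploitable. The directive baseline and the audit rules are this editor's assumptions, not the post's exact policy.

```python
"""Nonce-based CSP header per response, plus an audit of a serialized policy.

Added example, not the post's code. The directive set and audit rules are assumed.
"""
import secrets
from typing import Dict, List, Optional, Tuple

HEADER = "Content-Security-Policy"
HEADER_REPORT_ONLY = "Content-Security-Policy-Report-Only"


def make_nonce() -> str:
    """Per-request nonce: 128 bits from the CSPRNG; base64url is valid nonce syntax."""
    return secrets.token_urlsafe(16)


def build_csp(nonce: str, report_endpoint: str = "/csp-report",
              report_only: bool = False) -> Tuple[str, str]:
    """Return (header name, header value) for one response."""
    directives = {
        "default-src": ["'self'"],
        "script-src": ["'self'", f"'nonce-{nonce}'", "'strict-dynamic'"],
        "style-src": ["'self'", f"'nonce-{nonce}'"],
        "object-src": ["'none'"],       # plugin content is a classic CSP bypass
        "base-uri": ["'self'"],         # blocks <base> injection rewriting relative script URLs
        "frame-ancestors": ["'none'"],  # clickjacking; supersedes X-Frame-Options
        "form-action": ["'self'"],
        "report-uri": [report_endpoint],
    }
    value = "; ".join(f"{name} {' '.join(sources)}" for name, sources in directives.items())
    return (HEADER_REPORT_ONLY if report_only else HEADER), value


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a serialized policy into {directive: [sources]}; names are case-insensitive."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_csp(value: str) -> List[str]:
    """Return weaknesses that commonly undermine a CSP meant to contain XSS."""
    policy = parse_csp(value)
    findings: List[str] = []
    script: Optional[List[str]] = policy.get("script-src", policy.get("default-src"))
    if script is None:
        return ["no script-src and no default-src: script loading is unrestricted"]
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
    if "'unsafe-inline'" in script and not has_nonce_or_hash:
        # With a nonce or hash present, CSP Level 2+ browsers ignore 'unsafe-inline',
        # so it is only a finding when nothing overrides it.
        findings.append("script-src permits 'unsafe-inline' with no nonce or hash")
    if "'unsafe-eval'" in script:
        findings.append("script-src permits 'unsafe-eval'")
    broad = [s for s in script if s == "*" or s in ("http:", "https:", "data:", "blob:")]
    if broad:
        findings.append(f"script-src has overly broad sources: {' '.join(broad)}")
    if "object-src" not in policy and policy.get("default-src") != ["'none'"]:
        findings.append("object-src missing: falls back to default-src, allowing plugin bypasses")
    if "base-uri" not in policy:
        findings.append("base-uri missing: <base> injection can redirect relative script URLs")
    return findings


if __name__ == "__main__":
    name, value = build_csp(make_nonce(), report_only=True)
    print(name, ":", value)
    print(audit_csp(value))                                              # []
    print(audit_csp("default-src 'self'; script-src 'self' 'unsafe-inline'"))  # 3 findings
```

Wiring this into Flask (assumed, not taken from the post): call make_nonce() in a before_request handler and keep the value on flask.g, emit it in templates as nonce="{{ g.csp_nonce }}" on every inline script and style tag, and in an after_request handler set response.headers[name] = value from build_csp(). Ship with report_only=True first, read what the browsers post to the report endpoint, and only then switch to the enforcing header; audit_csp() is the check to run against whatever policy the server actually sends.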