Merhaba
Web uygulamalarının dosya yükleme modülleri, web uygulamalarının en zayıf halkalarından bir tanesidir. Yapılacak herhangi bir hata, sunucu kontrolünün doğrudan saldırganların eline geçmesi ile sonuçlanabilir. Bu nedenle yazılım geliştiricilerine yönelik olacak bu blog yazısında, en çok yapılan hatalara ve benim kanaatime göre en az bilinen saldırı yöntemlerine değinilecektir.
Hey
As we all know, we usually use one or more 3th party application in our Django project and we rarely consider these applications security. In this article I will describe what I found in Markdown python library and how we can use markdown2 without having security issue.
You know output encoding is most important thing when topic comes to XSS. Today I’ve decided to write a article about how to secure your Django application against XSS vulnerabilities. Handing XSS cases with Django is more easy than other frameworks. Your Django app is approximately secure against XSS even if you developed it without security mind. Therefore Django is try to encode specific characters in order to prevent yourself from cross-site scripting. But Django going to be fail under the some circumstances.
PS : If you think any part of this article needs update or changes, feel free to leave comment.
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.
