• 11 Sep
    Sprawl 5.0

    Woohoo, new site release! Time for celebration.

    This milestone introduced me to the world of web frameworks. I have previously implemented a relatively complete MVC framework on a standard LAMP setup; however, it quickly became apparent that implementing features such as authentication, session management and user input filtering by hand is a sure way to introduce vulnerabilities into the site. The complexity of modern web applications, as well as the increased sophistication of attackers, should push web developers toward using web frameworks exclusively, just as they have already learned never to implement custom cryptographic algorithms and to rely on toolkits (OpenSSL) instead.

    Following the above logic, I have chosen the Django Framework as the foundation for the site. Django is a well-maintained project with frequent updates and excellent documentation, and security ranks very high among the project's design goals. For example, the framework implements solid authentication and session management mechanisms, and it ships with defenses against common web attacks such as SQL injection, XSS, CSRF and clickjacking (parameterized ORM queries, auto-escaping templates, CSRF tokens on forms and the X-Frame-Options middleware). However, as with other web application frameworks, the most likely exploitation vector is the myriad of third-party apps available for Django rather than its well-tested core codebase.
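    To make the "hand-rolled versus framework" point concrete, here is an added example (not code from this site or from Django) that shows, with only the Python standard library, the two mechanisms a framework like Django applies for you: bound query parameters in place of string-built SQL, and HTML entity escaping in place of raw template interpolation. The table name `auth_user` and the two rows are constructed for the demo and are not data from the site; `sqlite3` and `html` stand in for Django's ORM and template engine, which do the same thing under the hood.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table with two users (not real site data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_user (id INTEGER PRIMARY KEY, username TEXT, is_staff INTEGER)"
    )
    conn.executemany(
        "INSERT INTO auth_user (username, is_staff) VALUES (?, ?)",
        [("alice", 1), ("bob", 0)],
    )
    return conn


def lookup_user_vulnerable(conn, username):
    """Hand-rolled query built with string formatting: attacker input becomes SQL syntax."""
    sql = "SELECT username FROM auth_user WHERE username = '%s' ORDER BY id" % username
    return [row[0] for row in conn.execute(sql)]


def lookup_user_parameterized(conn, username):
    """What an ORM does underneath: the value is bound as a parameter, never parsed as SQL."""
    sql = "SELECT username FROM auth_user WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]


def render_comment_unsafe(comment):
    """Manual template: interpolates raw user text straight into the HTML."""
    return '<p class="comment">%s</p>' % comment


def render_comment_escaped(comment):
    """What an auto-escaping template engine does: entity-encode before interpolation."""
    return '<p class="comment">%s</p>' % html.escape(comment, quote=True)


def demo():
    """Run both payloads through the unsafe and the hardened paths and return the results."""
    conn = make_db()
    sqli_payload = "' OR '1'='1"          # turns the WHERE clause into a tautology
    xss_payload = "<script>alert(1)</script>"
    return {
        "sqli_vulnerable": lookup_user_vulnerable(conn, sqli_payload),     # every row leaks
        "sqli_parameterized": lookup_user_parameterized(conn, sqli_payload),  # no match
        "xss_unsafe": render_comment_unsafe(xss_payload),                 # script executes
        "xss_escaped": render_comment_escaped(xss_payload),               # inert text
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-20s %r" % (name, value))
```

    The tautology payload returns both users from the string-built query and nothing from the parameterized one; the script tag survives raw interpolation and comes out as harmless entities after escaping. Django's ORM and templates give you the second column of behaviour by default, which is the whole argument for not writing this layer yourself.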

    Enjoy the new site.


