forked from mattmakai/fullstackpython.com
web-application-security.html
<!DOCTYPE html>
<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Full Stack Python shows how an entire Python web application is built and deployed. Each section of the guide explains a different key concept, from the server through the Python WSGI web framework to the front end JavaScript.">
<meta name="author" content="Matt Makai">
<link rel="shortcut icon" href="theme/img/full-stack-python-logo-bw.png">
<title>Full Stack Python</title>
<!-- Bootstrap core CSS -->
<link href="theme/css/fsp.css" rel="stylesheet">
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
<style>
html,
body {
font-size: 18px;
color: #222;
background: #fefefe;
}
body {
padding-top: 30px;
}
.footer {
padding: 20px 0 30px 0;
}
a, a:hover {border-bottom: 1px dotted; color: #444;}
a:hover {text-decoration: none; color: #000;}
.logo-title {font-size: 56px; color: #403072; padding-top: 80px;
font-family: "News Cycle", "Arial Narrow Bold", sans-serif;
font-weight: bold; line-height: 30px; margin-left: 5px;}
.logo-title a, .logo-title a:hover {color: #000; text-decoration: none;
border-bottom: none;}
.logo-title a:hover {color: gray;}
.logo-image {vertical-align: top; border: none;}
a.list-group-item.active {background: #444; border: 1px solid #222;}
a.list-group-item.active:hover {background: #444; border: 1px solid #222;}
#sidebar {margin-top: 30px;}
@media (max-width: 600px) {
.logo-header-section {
margin: 20px 32px 0 0;
}
}
</style>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-19910497-7']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</head>
<body>
<a href="https://github.com/makaimc/fullstackpython.github.com" class="github">
<img style="position: absolute; top: 0; right: 0; border: 0;" src="http://s3.amazonaws.com/github/ribbons/forkme_right_darkblue_121621.png" alt="Fork me on GitHub" />
</a>
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="logo-header-section">
<a href="/" style="text-decoration: none; border: none;"><img src="theme/img/full-stack-python-logo-bw.png" height="42" width="42" class="logo-image" /></a>
<span class="logo-title"><a href="/">Full Stack Python</a></span>
</div>
</div>
</div>
<div class="row">
<div class="col-md-8">
<h1>Web Application Security</h1>
<p>Website security must be considered while building every level of the web
stack. However, this section covers topics that deserve particular
treatment, such as cross-site scripting (XSS), SQL injection, cross-site
request forgery (CSRF) and the use of public-private key pairs.</p>
<h2>Security Resources</h2>
<p><a href="http://erik.io/blog/2013/06/08/a-basic-guide-to-when-and-how-to-deploy-https/">When and How to Deploy HTTPS</a></p>
<p><a href="http://spenserj.com/blog/2013/07/15/securing-a-linux-server/">Securing a Linux Server</a></p>
<p><a href="http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/">Securing Your Website</a></p>
<p><a href="http://blog.hartleybrody.com/https-certificates/">How HTTPS Secures Connections: What Every Web Dev Should Know</a></p>
<p>The Open Web Application Security Project (OWASP) has
<a href="https://www.owasp.org/index.php/Cheat_Sheets">cheat sheets for security</a>
topics.</p>
<br/>
Next read the
<a href="/logging.html">logging</a> section.
</div>
<div class="col-md-offset-1 col-md-3" id="sidebar">
<div class="list-group">
<a href="/introduction.html" class="list-group-item ">Introduction</a>
<a href="/servers.html" class="list-group-item ">Servers</a>
<a href="/operating-systems.html" class="list-group-item ">Operating Systems</a>
<a href="/web-servers.html" class="list-group-item ">Web Servers</a>
<a href="/platform-as-a-service.html" class="list-group-item ">Platform-as-a-service</a>
<a href="/databases.html" class="list-group-item ">Databases</a>
<a href="/wsgi-servers.html" class="list-group-item ">WSGI Servers</a>
<a href="/web-frameworks.html" class="list-group-item ">Web Frameworks</a>
<a href="/dependency-management.html" class="list-group-item ">Application Dependencies</a>
<a href="/static-content.html" class="list-group-item ">Static Content</a>
<a href="/source-control.html" class="list-group-item ">Source Control</a>
<a href="/caching.html" class="list-group-item ">Caching</a>
<a href="/task-queues.html" class="list-group-item ">Task Queues</a>
<a href="/api-integration.html" class="list-group-item ">API Integration</a>
<a href="/no-sql-datastore.html" class="list-group-item ">NoSQL Data Stores</a>
<a href="/web-application-security.html" class="list-group-item active">Web Security</a>
<a href="/logging.html" class="list-group-item ">Logging</a>
<a href="/monitoring.html" class="list-group-item ">Monitoring</a>
<a href="/configuration-management.html" class="list-group-item ">Configuration Management</a>
<a href="/web-analytics.html" class="list-group-item ">Web Analytics</a>
<a href="/about-author.html" class="list-group-item ">About the Author</a>
<a href="/change-log.html" class="list-group-item ">Change Log</a>
</div>
</div></div>
<hr/>
<div class="footer pull-right">
<a href="http://www.mattmakai.com/" class="underline">Matt Makai</a> 2014
</div>
</div>
<script src="http://code.jquery.com/jquery-2.1.0.min.js"></script>
<script src="theme/js/bootstrap.min.js"></script>
</body>
</html>