Book Image

Software Architecture with Python

By : Anand Balachandran Pillai
Book Image

Software Architecture with Python

By: Anand Balachandran Pillai

Overview of this book

This book starts by explaining how Python fits into an application's architecture. As you move along, you will get to grips with architecturally significant demands and how to determine them. Later, you’ll gain a complete understanding of the different architectural quality requirements for building a product that satisfies business needs, such as maintainability/reusability, testability, scalability, performance, usability, and security. You will also use various techniques such as incorporating DevOps, continuous integration, and more to make your application robust. You will discover when and when not to use object orientation in your applications, and design scalable applications. The focus is on building the business logic based on the business process documentation, and understanding which frameworks to use and when to use them. The book also covers some important patterns that should be taken into account while solving design problems, as well as those in relatively new domains such as the Cloud. By the end of this book, you will have understood the ins and outs of Python so that you can make critical design decisions that not just live up to but also surpassyour clients’ expectations.
Table of Contents (18 chapters)
Software Architecture with Python
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
Index

Security issues with web applications


So far, we have seen four types of security issues with Python, namely, those with reading input, evaluating expressions, overflow errors, and serialization issues. All our examples so far have been with Python on the console.

However, almost all of us interact with web applications on a daily basis, many of which are written in Python web frameworks such as Django, Flask, Pyramid, and others. Hence, it is more likely that we are exposed to security issues in such applications. We will look at a few examples here.

Server Side Template Injection

Server Side Template Injection (SSTI) is an attack using the server-side templates of common web frameworks as an attack vector. The attack uses weaknesses in the way user input is embedded on the templates. SSTI attacks can be used to figure out internals of a web application, execute shell commands, and even fully compromise the servers.

We will see an example using a very popular web application framework in Python...