SQL Injection - mattharley/phonypictures-ctf GitHub Wiki
SQL Injection
Flask
- http://flask.pocoo.org/docs/0.10/tutorial/views/
- See "bad day" scenario: http://www.slideshare.net/openpbs/sql-injection-defense-in-python
SQLAlchemy - mitigation
- SQLAlchemy's quoting system: http://stackoverflow.com/questions/6501583/sqlalchemy-sql-injection
- White list - scrub for known inputs
- Stored Procedures
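Added example (not from the CTF repo) showing the first two mitigations side by side: the "bad day" query that splices the search term into the SQL text, the bound-parameter version, and an allow-list for the one thing a parameter cannot bind (a column name). It uses the stdlib sqlite3 module so it runs without SQLAlchemy; SQLAlchemy's text("... LIKE :term") with a {"term": ...} dict binds the value the same way. The table, rows and function names are constructed for the example.

```python
import sqlite3

# Constructed sample catalogue for the "search box for products" view.
PRODUCTS = [("Phony Picture 1", 10), ("O'Reilly Poster", 15), ("Picture Frame", 5)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    return conn


def search_vulnerable(conn, term):
    # The "bad day" pattern: the user's text becomes part of the SQL statement,
    # so a quote in the input is parsed as SQL syntax rather than treated as data.
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    # Bound parameter: the driver sends the value separately from the SQL text,
    # so quotes in the term never reach the SQL parser. This is what SQLAlchemy's
    # quoting/binding layer does for text(":term") placeholders.
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


# Allow-list ("scrub for known inputs") for a sort column: identifiers cannot be
# bound as parameters, so only values from this fixed set are ever spliced in.
ALLOWED_SORT = {"name", "price"}


def search_sorted(conn, term, sort_by):
    if sort_by not in ALLOWED_SORT:
        raise ValueError("unsupported sort column: %r" % sort_by)
    sql = "SELECT name FROM products WHERE name LIKE ? ORDER BY " + sort_by
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


if __name__ == "__main__":
    db = make_db()
    print(search_safe(db, "O'Reilly"))          # ["O'Reilly Poster"]
    print(search_sorted(db, "P", "price"))       # cheapest first
    try:
        search_vulnerable(db, "O'Reilly")
    except sqlite3.OperationalError as exc:
        print("vulnerable query broke on a quote:", exc)
```

A plain apostrophe in a product name is enough to show the difference: the bound-parameter search returns the matching row, while the spliced version fails with a SQL syntax error because the input changed the statement's structure.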
View Function & Template
- Search box for products
- User Login Form - maybe already logged in
- Have a welcome "username" field?