DOCSLIB.ORG

Web and Application Framework Vulnerabilities

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Web and Application Framework Vulnerabilities SPOTLIGHT Cracks in the Foundation: Web and Application Framework Vulnerabilities RiskSense Spotlight Report • March 2020 Introduction An organization’s software stacks and web-facing And while resources such as the OWASP Top 10 and Top applications are some of the most fundamentally 25 Programming Most Dangerous Software Errors provide important assets in an enterprise digital environment. an important way of classifying the most common types Everything from blogs to the most sophisticated of weaknesses, it is often hard for developers and security applications are essential to how organizations serve their staff to know how specific choices such as coding users and interact with the outside world. The language and application frameworks impact the attack applications’ exposure to the outside world also means surface of their web assets. that they are some of the assets most exposed to attack. This Spotlight Report puts some of the most popular languages and frameworks under the microscope to see: The languages and frameworks where vulnerabilities are most common Which vulnerabilities are weaponized the most The underlying weaknesses that lead to vulnerabilities Patterns of weaknesses found in particular frameworks How to prioritize vulnerabilities based on real-world context Spotlight • Cracks in the Foundation: Web and Application Framework Vulnerabilities Page 1 RiskSense Spotlight Report • March 2020 Key Findings 2019 Vulnerabilities are Down, But Weaponization is Up technologies when evaluated over both a 10- and 5-year Web and application frameworks have largely been time horizon. While the types of weaknesses have changed immune to the massive spike in vulnerabilities observed in considerably over the course of a decade, the same players the U.S. National Vulnerability Database (NVD) over the have remained responsible. past few years. And while the overall number of framework vulnerabilities is down compared to previous years, the Frameworks Are Getting XSS Under Control weaponization rate has jumped to 8.6%; more than double While XSS issues were the most common weakness in that of the NVD average (3.9%) for the same time frame. the full 10-year dataset, it dropped to 5th when analyzed This uptick in weaponization was primarily due to increased over the last 5 years. This is a good sign that frameworks weaponization in Ruby on Rails, WordPress, and Java. are making progress in this important area. XSS weaknesses over the past 5 years have largely been due WordPress and Struts are the Most Weaponized to issues in WordPress. In terms of web and app frameworks, WordPress and Apache Struts were responsible for the most weaponized Input Validation Becomes the Top Weakness vulnerabilities – those vulnerabilities for which exploit Input Validation has become the top problem for code exists that can actually take advantage of the frameworks, accounting for 24% of all weaponized weakness. These two frameworks alone accounted for vulnerabilities over the past five years. Input validation 55% of the weaponized vulnerabilities over the past 10 covers a wide range of techniques and is one of the most years. WordPress faced a wide variety of issues, but important capabilities of an application framework. Input cross-site scripting (XSS) was the most common validation problems have been largely tied to Struts, problem, while Struts was dominated by input validation WordPress, and Drupal. Access control issues were also problems. Their respective underlying languages, PHP for on the rise, and mostly attributable to Java. WordPress and Java for Struts, were also the most weaponized languages in the study. Injection Weaknesses are Highly Weaponized Vulnerabilities tied to SQL injection, code injections, and Keep an Eye on Node.js and Django various command injections remained fairly rare, but had As a whole, JavaScript and Python frameworks showed some of the highest weaponization rates, often over 50%. the lowest weaponization of vulnerabilities, however the In fact, the top three weaknesses by weaponization rate news wasn’t all good. Node.js had a notably higher number were Command Injection (60% weaponized), OS of vulnerabilities than other JavaScript frameworks with 56 Command Injection (50% weaponized), and Code vulnerabilities, although only one has been weaponized to Injection (39% weaponized).This often makes them some date. The vulnerabilities covered a wide range of issues of the most sought after weaknesses by attackers. including input validation, information exposure, and resource exhaustion issues. Likewise, Django had 66 Scoring Systems Need Real-World Context vulnerabilities with only one weaponized. While CVSS v2 and v3 scores were not particularly efficient at weaponization remains low, the large number of predicting vulnerability weaponization. Only 12.4% of CVSS vulnerabilities in these frameworks leaves them open for v2 High vulnerabilities were weaponized, while 9% of the potential for risk. CVSS v3 Critical vulnerabilities were weaponized. By comparison, models that include intelligence from the wild Certain Frameworks Produce the Most Vulnerabilities showed 95% of Critical vulnerabilities were weaponized. The majority of weaponized vulnerabilities have This ability to quickly find and work on the issues that consistently been tied to the same technologies over the pose the greatest risk is crucial for organizations to ensure course of the past decade. WordPress, PHP, Apache Struts, they spend their effort on the right tasks. Java, and Drupal remained the top five weaponized Spotlight • Cracks in the Foundation: Web and Application Framework Vulnerabilities Page 2 RiskSense Spotlight Report • March 2020 Table of Contents Introduction 1 Key Findings 2 1. Background on Application Frameworks 4 What are Application Frameworks? 4 The Importance of Vulnerabilities in Languages and Frameworks 4 2. Overview of Vulnerabilities 5 Vulnerabilities by Year 6 3. The Most Vulnerable Frameworks 7 WordPress and Struts Lead the Way 7 Language and Framework Breakout 8 Trends in 2015-2019 9 4. Analyzing Framework Weaknesses 10 The Most Weaponized Weaknesses of the 2010s 10 2015-2019: Big Changes in the Weakness Landscape 12 Summary of Key Frameworks 16 5. Comparison of Vulnerability Scoring Systems 18 Scoring by Year 18 The Importance of Real-World Context 19 Conclusion 20 Spotlight • Cracks in the Foundation: Web and Application Framework Vulnerabilities Page 3 RiskSense Spotlight Report • March 2020 1. Background on Application Frameworks Modern applications rely on a wide range of interdependent What are Application Frameworks? Most importantly, the nature of web applications means using a specially crafted URL. When a new vulnerability is technologies in order to deliver functionality. These layers of Web frameworks streamline the development and that these vulnerabilities are typically exposed to the discovered, attackers can easily identify sites built from technology are commonly referred to as an application deployment of applications and websites. Instead of internet. For example a recent PHP vulnerability the vulnerable framework or language and automatically “stack,” which can include things like the web server, requiring the developer to code every line of PHP, HTML, (CVE-2019-11043) allowed even unskilled attackers to scan for specific vulnerabilities. databases, programming or coding languages and scripting etc., a framework can provide the developer with force a site to execute a malicious payload simply by components, virtualization and containers, and a variety of ready-made building blocks for many common tasks. This other components. might include things like session management or validating user input to the application. Instead of manually coding The most traditional view of the application stack is defined these functions over and over, the framework can provide by the LAMP stack. LAMP is an acronym built from the these components automatically. Likewise the framework most standard components of the stack including: can handle the dynamic generation of HTML and other code based on user interaction. In short, they vastly • Operating System – LINUX simplify the development of dynamic web applications. • Web Server – Apache • Database – MySQL These frameworks are likewise built on one of the parent • Language/Scripting – PHP, Perl, Python technologies we have seen earlier. For example, the Laravel and Symfony frameworks are built on PHP. Web cache Linux kernel Hardware Environment: CCC Likewise, Node.js, AngularJS, and React are common AppArmor Squid SELinux Polipo Smack frameworks built on JavaScript. TOMOYO Crackers Traffic server CPU cracking attempts Process Scheduler & RAM Web server Netfilter Attacks stave off The Importance of Vulnerabilities in Frameworks Apache Competitors Linux network stack & compete for customers Cherokee Requests In general, application frameworks have made Lighttpd Network scheduler serve Nginx NIC Networking application development more secure overall. Instead of CGI scripting device Internet driver hardware Perl relying on manual coding to validate input every time a PHP kmod-fs-ext4 Responses kmod-fs-btrfs low latency Python Customers user interacts with an application, the framework can Lustre want attendance ... Storage Database SATA handle this automatically. With less manual coding SAS MariaDB RAID frameworks can reduce the chance of manual errors. MySQL iSCSI NAS Botnets Drizzle DDoS-Attacks However, better does not mean foolproof. Languages and Figure 1(a): The Traditional
Load more

Recommended publications
  • Joomla Vs Drupal - Website Content Management Systems]
    [JOOMLA VS DRUPAL - WEBSITE CONTENT MANAGEMENT SYSTEMS] Joomla or Drupal? CMS’s are generally used to manage and control a large, dynamic collection of Web material (HTML documents and their associated images). And yes, they can take the web maintenance person out of the picture, as clients can update their own content, as and when required There are numerous Web CMS (Content Management Systems), and each one can ether fall into Open Source or proprietary. The ones that tend to stand out from the crowd, or should I say those that are more commonly used by small website design agencies are Word Press, Joomla and Drupal. So which one do you choose as a customer, or do you leave this to your web developer? Generally speaking, Joomla has a cleaner and smoother user interface; on the other hand Drupal is more flexible. Drupal and Joomla developers could argue all day,, so I’m going to go in as a bipartisan developer. • For starters both are easy to install and deploy, and many hosting companies have a one click install for these. • Both have plenty of modules and extensions you can use. • Joomla has a lighter learning curve than Drupal. • Joomla support SSL logins and SSL pages. Drupal not known to support it. • Server resources utilization is more compared to drupal © 2009 www.visualwebz.com Seattle Web Development Company [JOOMLA VS DRUPAL - WEBSITE CONTENT MANAGEMENT SYSTEMS] Summary of Joomla & Drupal Features • Limited technical knowledge need to get started. • Short learning curve • Cannot integrate other scripts etc. to your site • Generally you cannot create high-end sites, without additional investment of time.
    [Show full text]
  • Nvme-Based Caching in Video-Delivery Cdns
    NVMe-Based Caching In Video-Delivery CDNs Thomas Colonna 1901942 Double Degree INSA Rennes Supervisor: Sébastien Lafond Faculty of Science and Engineering Åbo Akademi University 2020 In HTTP-based video-delivery CDNs (content delivery networks), a critical compo- nent is caching servers that serve clients with content obtained from an origin server. These caches store the content they obtain in RAM or onto disks for serving additional clients without fetching them from the origin. For most use cases, access to the disk remains the limiting factor, thus requiring a significant amount of RAM to avoid these accesses and achieve good performance, but increasing the cost. In this master’s thesis, we benchmark various approaches to provide storage such as regular disks and NVMe-based SSDs. Based on these insights, we design a caching mod- ule for a web server relying on kernel-bypass, implemented using the reference framework SPDK. The outcome of the master’s thesis is a caching module leveraging specific proper- ties of NVMe disks, and benchmark results for the various types of disks with the two approaches to caching (i.e., regular filesystem based or NVMe-specific). Contents 1 Introduction 1 2 Background 3 2.1 Caching in the context of CDNs . .3 2.2 Performances of the different disk models . .4 2.2.1 Hard-Disk Drive . .4 2.2.2 Random-Access Memory . .5 2.2.3 Solid-State Drive . .6 2.2.4 Non-Volatile Main Memory . .6 2.2.5 Performance comparison of 2019-2020 storage devices . .6 2.3 Analysing Nginx . .7 2.3.1 Event processing .
    [Show full text]
  • Lightweight Django USING REST, WEBSOCKETS & BACKBONE
    Lightweight Django USING REST, WEBSOCKETS & BACKBONE Julia Elman & Mark Lavin Lightweight Django LightweightDjango How can you take advantage of the Django framework to integrate complex “A great resource for client-side interactions and real-time features into your web applications? going beyond traditional Through a series of rapid application development projects, this hands-on book shows experienced Django developers how to include REST APIs, apps and learning how WebSockets, and client-side MVC frameworks such as Backbone.js into Django can power the new or existing projects. backend of single-page Learn how to make the most of Django’s decoupled design by choosing web applications.” the components you need to build the lightweight applications you want. —Aymeric Augustin Once you finish this book, you’ll know how to build single-page applications Django core developer, CTO, oscaro.com that respond to interactions in real time. If you’re familiar with Python and JavaScript, you’re good to go. “Such a good idea—I think this will lower the barrier ■ Learn a lightweight approach for starting a new Django project of entry for developers ■ Break reusable applications into smaller services that even more… the more communicate with one another I read, the more excited ■ Create a static, rapid prototyping site as a scaffold for websites and applications I am!” —Barbara Shaurette ■ Build a REST API with django-rest-framework Python Developer, Cox Media Group ■ Learn how to use Django with the Backbone.js MVC framework ■ Create a single-page web application on top of your REST API Lightweight ■ Integrate real-time features with WebSockets and the Tornado networking library ■ Use the book’s code-driven examples in your own projects Julia Elman, a frontend developer and tech education advocate, started learning Django in 2008 while working at World Online.
    [Show full text]
  • Tinkertool System 7 Reference Manual Ii
    Documentation 0642-1075/2 TinkerTool System 7 Reference Manual ii Version 7.5, August 24, 2021. US-English edition. MBS Documentation 0642-1075/2 © Copyright 2003 – 2021 by Marcel Bresink Software-Systeme Marcel Bresink Software-Systeme Ringstr. 21 56630 Kretz Germany All rights reserved. No part of this publication may be redistributed, translated in other languages, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written permission of the publisher. This publication may contain examples of data used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. This publication could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. The publisher may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Make sure that you are using the correct edition of the publication for the level of the product. The version number can be found at the top of this page. Apple, macOS, iCloud, and FireWire are registered trademarks of Apple Inc. Intel is a registered trademark of Intel Corporation. UNIX is a registered trademark of The Open Group. Broadcom is a registered trademark of Broadcom, Inc. Amazon Web Services is a registered trademark of Amazon.com, Inc.
    [Show full text]
  • ICP and the Squid Web Cache* 1 Introduction
    ICP and the Squid Web Cache Duane Wessels k cla y August 13, 1997 Abstract We describ e the structure and functionality of the Internet Cache Proto col ICP and its implementation in the Squid Web Caching software. ICP is a lightweight message format used for communication among Web caches. Caches exchange ICP queries and replies to gather information to use in selecting the most appropriate lo cation from which to retrieve an ob ject. We present background on the history of ICP, and discuss issues in ICP deployment, e- ciency, security, and interaction with other asp ects of Web trac b ehavior. We catalog successes, failures, and lessons learned from using ICP to deploy a global Web cache hierarchy. 1 Intro duction Ever since the World-Wide Web rose to p opularity around 1994, much e ort has fo cused on reducing latency exp erienced by users. Sur ng the Web can b e slow for many reasons. Server systems b ecome slow when overloaded, esp ecially when hot sp ots suddenly app ear. Congestion can also o ccur at network exchange p oints or across links, and is esp ecially prevalent across trans-o ceanic links that often cost millions of dollars p er month. A common, alb eit exp ensiveway to alleviate such problems is to upgrade the overloaded resource: get a faster server, another E1, a bigger switch. However, this approach is not only often eco- nomically infeasible, but p erhaps more imp ortantly, it also fails to consider the numerous parties involved in even a single, simple Web transaction.
    [Show full text]
  • Squirrel: a Decentralized Peer-To-Peer Web Cache
    To appear in the 21th ACM Symposium on Principles of Distributed Computing (PODC 2002) Squirrel: A decentralized peer-to-peer web cache ∗ Sitaram Iyer Antony Rowstron Peter Druschel Rice University Microsoft Research Rice University 6100 Main Street, MS-132 7 J J Thomson Close 6100 Main Street, MS-132 Houston, TX 77005, USA Cambridge, CB3 0FB, UK Houston, TX 77005, USA [email protected] [email protected] [email protected] ABSTRACT There is substantial literature in the areas of cooperative This paper presents a decentralized, peer-to-peer web cache web caching [3, 6, 9, 20, 23, 24] and web cache workload char- called Squirrel. The key idea is to enable web browsers on acterization [4]. This paper demonstrates how it is possible, desktop machines to share their local caches, to form an ef- desirable and efficient to adopt a peer-to-peer approach to ficient and scalable web cache, without the need for dedicated web caching in a corporate LAN type environment, located hardware and the associated administrative cost. We propose in a single geographical region. Using trace-based simula- and evaluate decentralized web caching algorithms for Squir- tion, it shows how most of the functionality and performance rel, and discover that it exhibits performance comparable to of a traditional web cache can be achieved in a completely a centralized web cache in terms of hit ratio, bandwidth us- self-organizing system that needs no extra hardware or ad- age and latency. It also achieves the benefits of decentraliza- ministration, and is fault-resilient. The following paragraphs tion, such as being scalable, self-organizing and resilient to elaborate on these ideas.
    [Show full text]
  • Building Online Content and Community with Drupal
    Collaborative Librarianship Volume 1 Issue 4 Article 10 2009 Building Online Content and Community with Drupal Gabrielle Wiersma University of Colorado at Boulder, [email protected] Follow this and additional works at: https://digitalcommons.du.edu/collaborativelibrarianship Part of the Collection Development and Management Commons Recommended Citation Wiersma, Gabrielle (2009) "Building Online Content and Community with Drupal," Collaborative Librarianship: Vol. 1 : Iss. 4 , Article 10. DOI: https://doi.org/10.29087/2009.1.4.10 Available at: https://digitalcommons.du.edu/collaborativelibrarianship/vol1/iss4/10 This Review is brought to you for free and open access by Digital Commons @ DU. It has been accepted for inclusion in Collaborative Librarianship by an authorized editor of Digital Commons @ DU. For more information, please contact [email protected],[email protected]. Wiersma: Building Online Content and Community with Drupal Building Online Content and Community with Drupal Gabrielle Wiersma ([email protected]) Engineering Research and Instruction Librarian, University of Colorado at Boulder Libraries use content management systems Additionally, all users are allowed to post in order to create, manage, edit, and publish content without using code, which enables content on the Web more efficiently. Drupal less tech savvy users to contribute content (drupal.org), one such Web-based content just as easily as their more proficient coun- management system, is unique because it terparts. For example, a library could use employs a bottom-up strategy for Web de- Drupal to allow library staff to view and sign that separates the content of the site edit the library Web site, blog, and staff from the formatting which means that “you intranet.
    [Show full text]
  • WEB2PY Enterprise Web Framework (2Nd Edition)
    WEB2PY Enterprise Web Framework / 2nd Ed. Massimo Di Pierro Copyright ©2009 by Massimo Di Pierro. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the web at www.copyright.com. Requests to the Copyright owner for permission should be addressed to: Massimo Di Pierro School of Computing DePaul University 243 S Wabash Ave Chicago, IL 60604 (USA) Email: [email protected] Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created ore extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. Library of Congress Cataloging-in-Publication Data: WEB2PY: Enterprise Web Framework Printed in the United States of America.
    [Show full text]
  • Django Wordpress API Documentation Release 0.1.0
    Django Wordpress API Documentation Release 0.1.0 Swapps Jun 28, 2017 Contents 1 Django Wordpress API 3 1.1 Documentation..............................................3 1.2 Quickstart................................................3 1.3 Features..................................................3 1.4 Running Tests..............................................4 1.5 Credits..................................................4 2 Installation 5 3 Integration 7 3.1 Configure django-wordpress_api inside your aplication.........................7 3.2 Add django-wordpress-api........................................7 3.3 Multilingual support...........................................7 3.4 Page cache................................................8 3.5 RSS Feed.................................................8 4 Usage 9 5 Contributing 11 5.1 Types of Contributions.......................................... 11 5.2 Get Started!................................................ 12 5.3 Pull Request Guidelines......................................... 13 5.4 Tips.................................................... 13 6 Credits 15 6.1 Development Lead............................................ 15 6.2 Contributors............................................... 15 7 History 17 7.1 0.1.0 (2016-09-02)............................................ 17 i ii Django Wordpress API Documentation, Release 0.1.0 Contents: Contents 1 Django Wordpress API Documentation, Release 0.1.0 2 Contents CHAPTER 1 Django Wordpress API Easily Install your Wordpress blog in your Django project
    [Show full text]
  • Magnetic Silica Particles Functionalized with Guanidine Derivatives For
    www.nature.com/scientificreports OPEN Magnetic silica particles functionalized with guanidine derivatives for microwave‑assisted transesterifcation of waste oil Petre Chipurici1,6, Alexandru Vlaicu1,2,6, Ioan Călinescu1, Mircea Vînătoru1, Cristina Busuioc1, Adrian Dinescu3, Adi Ghebaur1,4, Edina Rusen1, Georgeta Voicu1, Maria Ignat5 & Aurel Diacon1* This study aimed to develop a facile synthesis procedure for heterogeneous catalysts based on organic guanidine derivatives superbases chemically grafted on silica‑coated Fe3O4 magnetic nanoparticles. Thus, the three organosilanes that were obtained by reacting the selected carbodiimides (N,N′‑ dicyclohexylcarbodiimide (DCC), N,N′‑diisopropylcarbodiimide (DIC), respectively 1‑ethyl‑3‑(3‑ dimethylaminopropyl) carbodiimide (EDC) with 3‑aminopropyltriethoxysilane (APTES) were used in a one‑pot synthesis stage for the generation of a catalytic active protective shell through the simultaneous hydrolysis/condensation reaction with tetraethyl orthosilicate (TEOS). The catalysts were characterized by FTIR, TGA, SEM, BET and XRD analysis confrming the successful covalent attachment of the organic derivatives in the silica shell. The second aim was to highlight the capacity of microwaves (MW) to intensify the transesterifcation process and to evaluate the activity, stability, and reusability characteristics of the catalysts. Thus, in MW‑assisted transesterifcation reactions, all catalysts displayed FAME yields of over 80% even after 5 reactions/activation cycles. Additionally, the infuence of FFA content on the catalytic activity was investigated. As a result, in the case of Fe3O4@ SiO2‑EDG, a higher tolerance towards the FFA content can be noticed with a FAME yield of over 90% (for a 5% (weight) vs oil catalyst content) and 5% weight FFA content. Biodiesel can represent a suitable renewable alternative for the direct replacement of standard diesel fuels derived from petroleum sources1,2.
    [Show full text]
  • Program Details
    Home Program Hotel Be an Exhibitor Be a Sponsor Review Committee Press Room Past Events Contact Us Program Details Monday, November 3, 2014 08:30-10:00 MORNING TUTORIALS Track 1: An Introduction to Writing Systems & Unicode Presenter: This tutorial will provide you with a good understanding of the many unique characteristics of non-Latin Richard Ishida writing systems, and illustrate the problems involved in implementing such scripts in products. It does not Internationalization provide detailed coding advice, but does provide the essential background information you need to Activity Lead, W3C understand the fundamental issues related to Unicode deployment, across a wide range of scripts. It has proved to be an excellent orientation for newcomers to the conference, providing the background needed to assist understanding of the other talks! The tutorial goes beyond encoding issues to discuss characteristics related to input of ideographs, combining characters, context-dependent shape variation, text direction, vowel signs, ligatures, punctuation, wrapping and editing, font issues, sorting and indexing, keyboards, and more. The concepts are introduced through the use of examples from Chinese, Japanese, Korean, Arabic, Hebrew, Thai, Hindi/Tamil, Russian and Greek. While the tutorial is perfectly accessible to beginners, it has also attracted very good reviews from people at an intermediate and advanced level, due to the breadth of scripts discussed. No prior knowledge is needed. Presenters: Track 2: Localization Workshop Daniel Goldschmidt Two highly experienced industry experts will illuminate the basics of localization for session participants Sr. International over the course of three one-hour blocks. This instruction is particularly oriented to participants who are Program Manager, new to localization.
    [Show full text]
  • Flask Documentation Release 0.7Dev July 14, 2014
    Flask Documentation Release 0.7dev July 14, 2014 Contents I User’s Guide1 1 Foreword3 1.1 What does “micro” mean?...........................3 1.2 A Framework and an Example........................4 1.3 Web Development is Dangerous.......................4 1.4 The Status of Python 3.............................4 2 Installation7 2.1 virtualenv....................................7 2.2 System Wide Installation...........................8 2.3 Living on the Edge...............................9 2.4 easy_install on Windows............................9 3 Quickstart 11 3.1 A Minimal Application............................ 11 3.2 Debug Mode.................................. 12 3.3 Routing..................................... 13 3.4 Static Files.................................... 17 3.5 Rendering Templates.............................. 17 3.6 Accessing Request Data............................ 19 3.7 Redirects and Errors.............................. 22 3.8 Sessions..................................... 22 3.9 Message Flashing................................ 23 3.10 Logging..................................... 24 3.11 Hooking in WSGI Middlewares....................... 24 4 Tutorial 25 4.1 Introducing Flaskr............................... 25 4.2 Step 0: Creating The Folders......................... 26 4.3 Step 1: Database Schema........................... 27 4.4 Step 2: Application Setup Code........................ 27 i 4.5 Step 3: Creating The Database........................ 29 4.6 Step 4: Request Database Connections.................... 30 4.7 Step
    [Show full text]