DOCSLIB.ORG

Abstract GEGICK, MICHAEL CHARLES. Analyzing Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Abstract GEGICK, MICHAEL CHARLES. Analyzing Security Abstract GEGICK, MICHAEL CHARLES. Analyzing Security Attacks to Generate Signatures from Vulnerable Architectural Patterns. (Under the direction of Dr. Laurie Williams.) Current techniques for software security vulnerability identification include the use of abstract, graph-based models to represent information about an attack. These models can be in the form of attack trees or attack nets and can be accompanied with a supporting text- based profile. Matching the abstract models to specific system architectures for effective vulnerability identification can be a challenging process. This thesis suggests that abstract regular expressions can be used to represent events of known attacks for the identification of security vulnerabilities in future applications. The process of matching the events in the regular expression to a sequence of components in a system design may facilitate the means of identifying vulnerabilities. Performing the approach in the design phase of a software process encourages security to be integrated early into a software application. Students in an undergraduate security course demonstrated a strong ability to accurately match regular expressions to a system design. The identification of vulnerabilities is limited to known attacks of other systems and does not offer descriptions of what new attacks are possible to a future application. Extending the approach to incorporate new attacks is an avenue of future work. Analyzing Security Attacks to Generate Signatures from Vulnerable Architectural Patterns by Michael Charles Gegick A thesis submitted to the Graduate Faculty of North Carolina State University in partial fulfillment of the requirements for the Degree of Master of Science Computer Science Raleigh 2004 APPROVED BY: _______________________________________ Committee Member _______________________________________ Committee Member _______________________________________ Chair of Advisory Committee Biography Michael has a BA in Biology from Washington and Jefferson College (1998) and a BS in Computer Science from North Carolina State University (2001). He enjoys swimming, biking, running, and rock climbing. ii Acknowledgements Thanks to the members of my thesis committee, Dr. Laurie Williams (chair), Dr. Annie Antón and Dr. Julia Earp for their support and suggestions during my research. Dr. Williams helped to steer me through the entire thesis and was always optimistic and amazingly patient. I would like to sincerely thank Dr. Gary McGraw (of Cigital), Dr. Michael Reiter (of Carnegie Mellon University), and Dr. Eugene Spafford, Dr. Pascal Meunier, and Rajeev Gopalakrish (each of Purdue University) for taking the time to understand my thesis approach and give opinions on its validity and practicality in the field of security engineering. I would also like to thank Nick Green and Eric Isakson for their suggestions on the approach when I first arrived at the concept. Additionally, Bruce Wieand was helpful in determining if regular expressions were a possible means of representing events that may occur in an attack and deserves much appreciation. Without Julie Starr, the teacher for CSC405 at North Carolina State University, the feasibility and validation studies would not have been possible. She was very cooperative and understanding with the incorporation of my assignment in her class. Many thanks to Penney Martin for helping to elicit the idea proposed in this thesis. This material is based upon work supported by the National Science Foundation under Grant No. 0346903. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. iii Table of Contents LIST OF TABLES................................................................................................................... vi LIST OF FIGURES................................................................................................................ vii 1.0 Introduction .......................................................................................................................1 2.0 Background......................................................................................................................5 2.1 Vulnerability Representation ..........................................................................................5 2.2 Security Collaboration for non-experts.........................................................................14 2.3 Integrating Security into the Software Process ............................................................17 2.4 Risk Management ........................................................................................................19 3.0 Methodology....................................................................................................................21 3.1 Background ..................................................................................................................21 3.2 Regular Expressions ....................................................................................................23 3.3 The System Design......................................................................................................29 3.4 Knowledge Base of Regular Expressions ....................................................................31 3.5 Methodology Scenario – Securing Applications from Enumerated Threats (SAFET)..32 3.6 Risk Management ........................................................................................................33 4.0 Vulnerability Collection Methodology ..............................................................................35 4.1 Limitations ....................................................................................................................38 5.0 Vulnerability Collection Results.......................................................................................40 6.0 Feasibility Study..............................................................................................................66 6.1 Feasibility Study Methodology .....................................................................................66 6.2 Feasibility Study Results ..............................................................................................69 6.3 Metadata ......................................................................................................................72 6.4 Valid and Invalid Answers ............................................................................................73 6.5 Unique Attack Paths.....................................................................................................78 6.6 Regular Expressions Not Represented in the Design..................................................80 6.7 Miscellaneous Data......................................................................................................84 7.0 Validation Study ..............................................................................................................86 7.1 Validation Study Methodology......................................................................................86 7.2 Validation Study Results ..............................................................................................87 7.3 Metadata ......................................................................................................................90 7.4 Valid and Invalid Answers ............................................................................................91 7.5 Unique Attack Paths.....................................................................................................96 7.6 Regular Expressions Not Represented in the Design................................................100 7.7 Miscellaneous Data....................................................................................................103 8.0 Conclusions and Future Work.......................................................................................105 9.0 References....................................................................................................................110 10.0 ppendices....................................................................................................................112 10.1 Vulnerability Collection.............................................................................................113 10.2 Feasibility Assignment .............................................................................................135 10.3 Time Spent on the Feasibility Study.........................................................................145 10.4 Valid and Invalid Attack Paths for the Feasibility Study ...........................................146 10.5 Feasibility Study Likert Scale ...................................................................................166 10.6 Student Comments on the Feasibility Study ............................................................167 10.7 Time Spent on the Validation Study.........................................................................169 10.8 Valid and Invalid Attack Paths for the Validation Study ...........................................170 10.9 Validation Study Likert Scale ...................................................................................200 10.10 Student Comments for the Validation Study ..........................................................201 10.11 Student Questions in
Load more

Recommended publications
  • Mobile Telemedicine and Wireless Remote Monitoring Applications
    İSTANBUL TECHNICAL UNIVERSITY INSTITUTE OF SCIENCE AND TECHNOLOGY MOBILE TELEMEDICINE AND WIRELESS REMOTE MONITORING APPLICATIONS M.Sc. Thesis by Taner SOYUGENÇ, B.Sc. Department : Electronics and Communication Engineering Programme : Biomedical Engineering NOVEMBER 2006 PREFACE In this project, my main goal is to implement a mobile sample application by defining the related global standards for telemedicine. The work is focused on recommendations of technology associated with a feasibility study. First of all, I would like to thank Assoc. Prof. Dr. Selçuk PAKER for his valuable advice, support and encouragement to accomplish the project. Besides, I would like to thank my family who is always with me giving support at every step of my life. November 2006 Taner SOYUGENÇ iii CONTENTS ACRONYMS vi LIST OF TABLES viii LIST OF FIGURES ix SUMMARY xi ÖZET xii 1. INTRODUCTION 1 1.1. Technology Overview 2 1.1.1. Communication Infrastructure 5 1.1.2. Overview of GSM-GPRS 6 1.1.2.1. Brief History of GSM 8 1.1.2.2. GPRS 12 1.1.3. Mobile Solutions 14 1.1.4. Wireless Medical Sensors 15 1.2. Aim of the Project 16 2. WORLDWIDE APPLICATIONS, VENDORS AND STANDARDS 18 2.1. Available Products 19 2.1.1. ECG 19 2.1.2. Pulse Oximeter 20 2.1.3. Blood Pressure Sensor 23 2.1.4. Various Sensor Brands 24 2.1.5. Advanced Research 27 2.1.6. Home Care Monitoring Systems 31 2.2. Medical Information Standards and Organizations 35 2.2.1. ASTM 39 2.2.2. CEN/TC251 Health Informatics 39 2.2.3.
    [Show full text]
  • SMTP (Simple Mail Transfer Protocol)
    P1: JsY JWBS001A-60.tex WL041/Bidgoli WL041-Bidgoli.cls May 12, 2005 3:27 Char Count= 0 SMTP (Simple Mail Transfer Protocol) Vladimir V. Riabov, Rivier College Introduction 1 SMTP Security Issues 12 SMTP Fundamentals 1 SMTP Vulnerabilities 12 SMTP Model and Protocol 2 SMTP Server Buffer Overflow Vulnerability 15 User Agent 4 Mail Relaying SMTP Vulnerability 15 Sending e-Mail 4 Mail Relaying SMTP Vulnerability in Microsoft Mail Header Format 4 Windows 2000 15 Receiving e-Mail 4 Encapsulated SMTP Address Vulnerability 15 The SMTP Destination Address 4 Malformed Request Denial of Service 16 Delayed Delivery 4 Extended Verb Request Handling Flaw 16 Aliases 5 Reverse DNS Response Buffer Overflow 16 Mail Transfer Agent 5 Firewall SMTP Filtering Vulnerability 16 SMTP Mail Transaction Flow 5 Spoofing 16 SMTP Commands 6 Bounce Attack 16 Mail Service Types 6 Restricting Access to an Outgoing Mail SMTP Service Extensions 8 Server 17 SMTP Responses 8 Mail Encryption 17 SMTP Server 8 Bastille Hardening System 17 On-Demand Mail Relay 8 POP and IMAP Vulnerabilities 17 Multipurpose Internet Mail Extensions Standards, Organizations, and (MIME) 8 Associations 18 MIME-Version 10 Internet Assigned Numbers Authority 18 Content-Type 10 Internet Engineering Task Force Working Content-Transfer-Encoding 10 Groups 18 Content-Id 11 Internet Mail Consortium 18 Content-Description 11 Mitre Corporation 18 Security Scheme for MIME 11 Conclusion 18 Mail Transmission Types 11 Glossary 18 Mail Access Modes 11 Cross References 19 Mail Access Protocols 11 References 19 POP3 11 Further Reading 22 IMAP4 12 INTRODUCTION and IMAP4), SMTP software, vulnerability and security issues, standards, associations, and organizations.
    [Show full text]
  • How to Buy DVD PC Games : 6 Ribu/DVD Nama
    www.GamePCmurah.tk How To Buy DVD PC Games : 6 ribu/DVD Nama. DVD Genre Type Daftar Game Baru di urutkan berdasarkan tanggal masuk daftar ke list ini Assassins Creed : Brotherhood 2 Action Setup Battle Los Angeles 1 FPS Setup Call of Cthulhu: Dark Corners of the Earth 1 Adventure Setup Call Of Duty American Rush 2 1 FPS Setup Call Of Duty Special Edition 1 FPS Setup Car and Bike Racing Compilation 1 Racing Simulation Setup Cars Mater-National Championship 1 Racing Simulation Setup Cars Toon: Mater's Tall Tales 1 Racing Simulation Setup Cars: Radiator Springs Adventure 1 Racing Simulation Setup Casebook Episode 1: Kidnapped 1 Adventure Setup Casebook Episode 3: Snake in the Grass 1 Adventure Setup Crysis: Maximum Edition 5 FPS Setup Dragon Age II: Signature Edition 2 RPG Setup Edna & Harvey: The Breakout 1 Adventure Setup Football Manager 2011 versi 11.3.0 1 Soccer Strategy Setup Heroes of Might and Magic IV with Complete Expansion 1 RPG Setup Hotel Giant 1 Simulation Setup Metal Slug Anthology 1 Adventure Setup Microsoft Flight Simulator 2004: A Century of Flight 1 Flight Simulation Setup Night at the Museum: Battle of the Smithsonian 1 Action Setup Naruto Ultimate Battles Collection 1 Compilation Setup Pac-Man World 3 1 Adventure Setup Patrician IV Rise of a Dynasty (Ekspansion) 1 Real Time Strategy Setup Ragnarok Offline: Canopus 1 RPG Setup Serious Sam HD The Second Encounter Fusion (Ekspansion) 1 FPS Setup Sexy Beach 3 1 Eroge Setup Sid Meier's Railroads! 1 Simulation Setup SiN Episode 1: Emergence 1 FPS Setup Slingo Quest 1 Puzzle
    [Show full text]
  • Groupwise Mobility Quick Start for Microsoft Outlook Users
    GroupWise Mobility Quick Start for Microsoft Outlook Users August 2016 GroupWise Mobility Service 2014 R2 allows the Microsoft Outlook client for Windows to run against a GroupWise backend via Microsoft ActiveSync 14.1 protocol. This document helps you set up your Outlook client to access your GroupWise account and provides known limitations you should be aware of while using Outlook against GroupWise. Supported Microsoft Outlook Clients CREATING THE GROUPWISE PROFILE MANUALLY Microsoft Outlook 2013 or 21016 for Windows 1 On the machine, open Control Panel > User Accounts and Family Safety. Microsoft Outlook Mobile App Adding a GroupWise Account to the Microsoft Outlook Client You must configure the Microsoft Outlook client in order to access your GroupWise account. The following instructions assume that the Outlook client is already installed on your machine. You can use the GroupWise Profile Setup utility to set the profile up automatically or you can manually create the GroupWise profile for Outlook. Using the GroupWise Profile Setup Utility Creating the GroupWise Profile Manually 2 Click Mail. 3 (Conditional) If a Mail Setup dialog box is displayed, USING THE GROUPWISE PROFILE SETUP UTILITY click Show Profiles to display the Mail dialog box. You must first obtain a copy of the GWProfileSetup.zip from If GroupWise is installed on the machine, the Profiles your system administrator before following the steps below list includes a GroupWise profile, as shown in the to create the profile on your workstation. following screenshot. You need to keep this profile and create a new profile. 1 Extract the GWProfileSetup.zip to a temporary location on your workstation.
    [Show full text]
  • Thanos Tsouanas --- C.V
    Curriculum Vitæ Thanos Tsouanas 02/05/2017 I Personal details hello photo full name: Athanasios (Thanos) Tsouanas date of birth: 22/02/1983 place of birth: Athens, Greece nationality: Hellenic office address: IMD, Universidade Federal do Rio Grande do Norte Av. Cap. Mor Gouveia, S/N CEP: 59063-400, Natal{RN, Brasil phone number: (+55) (84) 9 8106-9789 (mobile, Telegram, WhatsApp) email address: [email protected] personal website: http://www.tsouanas.org/ GitHub: http://github.com/tsouanas Spoken languages Greek (native); English (proficient); Brazilian Portuguese (fluent). I Studies & academic positions 2016 { Associate professor (permanent position) in Instituto Metr´opole Digital of Universidade Federal do Rio Grande do Norte (UFRN), Brazil. 2015 Postdoctoral researcher in the Mathematics Department of Universidade Federal do Rio Grande do Norte (UFRN), Brazil. 2014 PhD from Ecole´ Normale Superieure´ de Lyon, under the supervision of Olivier Laurent, in the field of theoretical computer science. I was employed by CNRS under the Marie Curie fellowship \MALOA", and had a 1-month secondment split between the University of Oxford (in the team of Luke Ong) and Ecole´ Polytechnique (in the team of Dale Miller). Thesis title: On the Semantics of Disjunctive Logic Programs1 2010 Master of Science degree from MPLA (graduate program in Logic, Algorithms and Computation of the University of Athens and of the Technical University of Athens),2 mathematical logic specialty, grade 8.23/10. 2007 Bachelor's degree from the Department of Mathematics of the University of Athens, specialty of pure mathematics, grade \excellent" (8.51/10). Seminars and schools • Logoi school on Linear Logic and Geometry of Interaction.
    [Show full text]
  • Freespace 2 Game
    Freespace 2 Game Freespace 2 Game 1 / 3 2 / 3 Thanks to some subtle improvements, FreeSpace 2 is free to rule the cosmos as the best space combat game yet to hit the PC. Required: Pentium .... Game genres can wax and wane in popularity. It's a sad truth that two of my favorites, real-time strategy and space simulation games, have .... Metacritic Game Reviews, FreeSpace 2 for PC, The year is 2367. Thirty-two years have passed since the Great War. As Terrans and Vasudans .... Mostly Positive (223) - 73% of the 223 user reviews for this game are positive. Release Date: Jun 6, 2014. Developer: Volition Inc. Publisher: Interplay Corp.. FreeSpace 2 is one of the best space sims ever made and is a solid candidate for game of the year.. FreeSpace 2 is a 1999 space combat simulation computer game developed by Volition as the sequel to Descent: FreeSpace – The Great War. It was completed ahead of schedule in less than a year, and released to very positive reviews.. The sequel is just titled FreeSpace 2. In FreeSpace, the Galactic Terran Alliance is at war with an alien race called the Vasudans over a tragic miscommunication .... Everyone loves a good space game, but sometimes it can feel like there are more space games to play than there are stars in the sky. Fortunately, we're here to .... FreeSpace 2, the follow up to the classic Descent: FreeSpace – The Great War is ready to engage you in the second round. Follow the Grand Terran Vasudan .... Once upon a time sci-fi flight sim games reigned supreme.
    [Show full text]
  • Military-Grade Cyber Security
    MILITARY-GRADE CYBER SECURITY EdgeWave ePrism Email Security Email Archive Email Volume is Growing The volume of email your business has to process has grown over 500% in the last 10 years and there appears to be no decline in sight. It is likely the amount will continue to increase, pushing your organization’s email servers to the limit, resulting in costly downtime and reduced productivity. Of even greater concern are industry-wide legal and regulatory requirements mandating that you retain all your organization’s email in an unalterable state. A comprehensive email archiving solution will not only help you meet corporate, legal and regulatory requirements, it can also help your organization achieve other critical goals. • Simplify mailbox management, shrink storage costs and reduce backup windows • Protect critical business information and intellectual property • Accelerate legal discovery and enforce corporate email policies EdgeWave has the Solution EdgeWave Email Archive is a secure enterprise SaaS solution for storage management that retains your email in an unalterable state to help meet compliance requirements, provide litigation support and meet corporate best practices guidelines. EdgeWave’s policybased archiving and built-in reporting features combine with easy-to-use management tools to assure your archived messages are indexed and easy to retrieve whenever you need them. EdgeWave’s feature-rich email archiving supports client software integration, email stubbing to maximize server storage, mobilearchive access, litigation support tools, centralizing, importing all historical emails and more. EdgeWave Email Archive supports all major messaging servers including Exchange, Domino, GroupWise, and Linux-based environments and can be deployed easily with minimal resource expenditures.
    [Show full text]
  • March/April 2006
    The newsletter for IPFW computer users Information Technology Services March-April 2006 By Joseph McCormick Manager of Client Support his spring, most Indiana counties T will observe Daylight Savings Time Data Security and Your Workstation (DST) for the first time since 1970. In 2006, DST begins at 2 a.m. on the first Sunday in April (April 2) and ends at 2 option involves a reboot which With recent security incidents at a.m. on the last Sunday in October refreshes your workstation, and the (October 29). other campuses and businesses, it has next time you log in to the network, become imperative that we all take Because of modifications to the Trend OfficeScan antivirus steps to protect data accessed through GroupWise, to accommodate the software installed on your Windows our computers. Precautions should change to Daylight Savings Time, your workstation automatically updates. also be taken to protect data stored on calendar items scheduled between April Keep your workstation up-to- any portable devices such as laptops, 2 at 2:00 a.m. and October 29 at 2:00 date with vendor patches and virus disks or flash drives. Here are a few a.m. are now showing up an hour later protection by activating updates key steps that we can all do quickly to than originally scheduled. Unfortunately, promptly when you are signaled that increase security significantly. this problem was unavoidable as we they are ready. Windows XP/2000 adjusted the system to recognize Daylight users: when you see the “msg”. at the Savings time. bottom of your tool bar that says you Your cooperation is key to The only way to correct this have new updates, please click on the providing overall campus problem is to manually change your button and add your updates.
    [Show full text]
  • Theescapist 067.Pdf
    communication device or the programming, music, storytelling, voice characters in games where they don’t communication, itself; art allows us acting and interactivity. For a videogame speak. Where I have to put my own another avenue to share points of view, to be considered art, do each of these story in where one doesn’t exist. to help us empathize with others. Art can have to follow the rules for art? Just a Have you ever drawn/painted/sketched a also help us better understand ourselves few, maybe? Even, perhaps, only one? It also reminds me of how I end up still life in a group? While everyone in as we look at another’s interpretation of getting attached to the individual units in the group was looking at the same a subject and contrast how ours are This week, The Escapist focuses on just a game. I might really try hard to create subject, more than likely each person similar or different. one of these many layers of art in a squad of elite rangers in Generals or had a different outcome. One person videogames: visual design. Visual 2-D or keep alive that one marine who got 7 focused on the lighting and shadows; From what I say above about art, one 3-D art is one of the most accessible kills. I think of the first as my elite go-to one person focused on a smaller area of can conclude (correctly) that I have a layers for the general population, as squad, or if I’m playing China, an elite the subject; another focused on rather broad opinion of what constitutes most of us have participated in this art sniping unit.
    [Show full text]
  • Engineering at Johns Hopkins University! We Look Forward to Meeting You When You Arrive on Campus for Orientation
    Eng in eering 1 01 2019-2020 p rogr am p lanni ng gui de for fi rst-y ear e ngi neering s tudents Welcome to the Whiting School of Engineering at Johns Hopkins University! We look forward to meeting you when you arrive on campus for orientation. In the meantime, we have prepared the First-Year Academic Guide and Engineering 101 to get you started. The Academic Guide includes information for all first-year students at Hopkins, while Engineering 101 is directed specifically to engineering students. Engineering 101 contains information about all of the majors in the School of Engineering, including recommended first semester class schedules. You’ll also find out about some opportunities to join student groups. We hope that these materials help you learn about the Hopkins community and the options available to you. Again, welcome to Hopkins and we’ll see you in August! Linda Moulton, Denise Shipley, Lashell Silver, Eric Simmons, Janet Weise, and Betty Zee Johns Hopkins University Whiting School of Engineering Office of Academic Affairs—Engineering Advising Wyman Park Building Suite N125 3400 N. Charles Street Baltimore, MD 21218-2681 410-516-7395 [email protected] https://engineering.jhu.edu/advising/ Nondiscrimination Statement The Johns Hopkins University is committed to equal opportunity and providing a safe and non- discriminatory educational and working environment for its students, trainees, faculty, staff, post-doctoral fellows, residents, and other members of the University community. To that end, the university seeks to provide community members with an environment that is free from discrimination and harassment on the basis of sex, gender, marital status, pregnancy, race, color, ethnicity, national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status or other legally protected characteristic.
    [Show full text]
  • Next Generation Web Scanning Presentation
    Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By Andrew Horton aka urbanadventurer NZ Web Recon Goal: To scan all of New Zealand's web-space to see what's there. Requirements: – Targets – Scanning – Analysis Sounds easy, right? urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets What does 'NZ web-space' mean? It could mean: •Geographically within NZ regardless of the TLD •The .nz TLD hosted anywhere •All of the above For this scan it means, IPs geographically within NZ urbanadventurer (Andrew Horton) www.morningstarsecurity.com Finding Targets We need creative methods to find targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com DNS Zone Transfer urbanadventurer (Andrew Horton) www.morningstarsecurity.com Find IP addresses on IRC and by resolving lots of NZ websites 58.*.*.* 60.*.*.* 65.*.*.* 91.*.*.* 110.*.*.* 111.*.*.* 113.*.*.* 114.*.*.* 115.*.*.* 116.*.*.* 117.*.*.* 118.*.*.* 119.*.*.* 120.*.*.* 121.*.*.* 122.*.*.* 123.*.*.* 124.*.*.* 125.*.*.* 130.*.*.* 131.*.*.* 132.*.*.* 138.*.*.* 139.*.*.* 143.*.*.* 144.*.*.* 146.*.*.* 150.*.*.* 153.*.*.* 156.*.*.* 161.*.*.* 162.*.*.* 163.*.*.* 165.*.*.* 166.*.*.* 167.*.*.* 192.*.*.* 198.*.*.* 202.*.*.* 203.*.*.* 210.*.*.* 218.*.*.* 219.*.*.* 222.*.*.* 729,580,500 IPs. More than we want to try. urbanadventurer (Andrew Horton) www.morningstarsecurity.com IP address blocks in the IANA IPv4 Address Space Registry Prefix Designation Date Whois Status [1] -----
    [Show full text]
  • Flask Documentation Release 0.7Dev July 14, 2014
    Flask Documentation Release 0.7dev July 14, 2014 Contents I User’s Guide1 1 Foreword3 1.1 What does “micro” mean?...........................3 1.2 A Framework and an Example........................4 1.3 Web Development is Dangerous.......................4 1.4 The Status of Python 3.............................4 2 Installation7 2.1 virtualenv....................................7 2.2 System Wide Installation...........................8 2.3 Living on the Edge...............................9 2.4 easy_install on Windows............................9 3 Quickstart 11 3.1 A Minimal Application............................ 11 3.2 Debug Mode.................................. 12 3.3 Routing..................................... 13 3.4 Static Files.................................... 17 3.5 Rendering Templates.............................. 17 3.6 Accessing Request Data............................ 19 3.7 Redirects and Errors.............................. 22 3.8 Sessions..................................... 22 3.9 Message Flashing................................ 23 3.10 Logging..................................... 24 3.11 Hooking in WSGI Middlewares....................... 24 4 Tutorial 25 4.1 Introducing Flaskr............................... 25 4.2 Step 0: Creating The Folders......................... 26 4.3 Step 1: Database Schema........................... 27 4.4 Step 2: Application Setup Code........................ 27 i 4.5 Step 3: Creating The Database........................ 29 4.6 Step 4: Request Database Connections.................... 30 4.7 Step
    [Show full text]