Insecure Configuration

Why is this important?

Python and frameworks like Flask/Django are very popular. While they follow secure patterns by default, there are instances where it can be configured insecurely.

Fixing Insecure Configuration

Option A: Disable Flask Debug

1. Go through the issues that GuardRails identified in the PR.
2. Identify code with this pattern:

# This would enable the Werkzeug utility that can be abused by attackers.
app.run(debug=True)

3. Replace it with the following code:

app.run()

4. Test it
5. Ship it 🚢

More information:

• Werkzeug - Debugger
• OWASP Top 10 - A6 Security Misconfiguration