Knowledge Base

Explore our curated security knowledge graph

4 Technologies · 4 Vulnerabilities · 6 Security Controls · 4 Best Practices
Technology

FastAPI

Category: framework
Version: 0.104+

Modern Python web framework

Technology

Python

Category: language
Version: 3.11+

High-level programming language

Technology

SQLite

Category: database
Version: 3.x

Lightweight embedded SQL database

Technology

Streamlit

Category: framework
Version: 1.28+

Python framework for building data apps

Vulnerability

Cross-Site Scripting (XSS)

Severity: high
OWASP: A03:2021

Injection of malicious scripts into web pages

Vulnerability

Insecure Authentication

Severity: critical
OWASP: A07:2021

Weak or broken authentication mechanisms

Vulnerability

Path Traversal

Severity: high
OWASP: A01:2021

Unauthorized access to files outside the intended directory

Vulnerability

SQL Injection

Severity: critical
OWASP: A03:2021

Injection of malicious SQL code through user input

SecurityControl

Input Sanitization

Category: input_validation
Difficulty: medium

Validate and sanitize all user inputs

SecurityControl

Multi-Factor Authentication

Category: authentication
Difficulty: medium

Require multiple authentication factors

SecurityControl

Output Encoding

Category: output_handling
Difficulty: low

Encode output to prevent XSS attacks

SecurityControl

Parameterized Queries

Category: input_validation
Difficulty: low

Use prepared statements to prevent SQL injection

SecurityControl

Path Validation

Category: input_validation
Difficulty: low

Validate file paths to prevent traversal

SecurityControl

Strong Password Policy

Category: authentication
Difficulty: low

Enforce strong passwords with complexity requirements

BestPractice

Enable Streamlit CORS Protection

Technology: Streamlit
Category: security_config

Configure CORS properly in Streamlit config

BestPractice

Streamlit Secret Management

Technology: Streamlit
Category: configuration

Use st.secrets for sensitive configuration

BestPractice

Use SQLAlchemy with Parameterized Queries

Technology: Python-SQLite
Category: database_security

Always use SQLAlchemy ORM or parameterized queries for database operations

BestPractice

Validate User Inputs in Forms

Technology: Streamlit
Category: input_validation

Always validate user inputs from text_input, number_input, etc.