Posts tagged: OWASP

Server-Side Template Injection (SSTI): When Django Templates Become a Weapon

Published May 11, 2026 • Updated May 19, 2026 • Cybersecurity Django OWASP Python Web Security

SSTI in Django: how Jinja2 MRO traversal achieves RCE, why Django's DTL is safe by design, and where that guarantee evaporates. OWASP A03:2021, CVE-2022-22954.

Cross-Site Scripting (XSS): Stored, Reflected and DOM-Based Attacks — and Why mark_safe and Unsafe Markdown Are Equally Dangerous

Published May 07, 2026 • Updated May 12, 2026 • Cybersecurity Django OWASP Python Web Security

XSS in Django: how stored, reflected and DOM-based attacks work, why mark_safe() and unsafe Markdown open the same hole, and how to migrate to nh3.

SQL Injection: How Attackers Break Your Database and How Django's ORM Stops Them

Published May 04, 2026 • Updated May 12, 2026 • Cybersecurity Django OWASP SQL Injection Web Security

SQL Injection: how attackers exploit unsanitised queries, why Django's ORM stops them, and where the protection ends. OWASP A03:2021, CySA+ VM.