Summary
In this chapter, we learned that, compared to FastAPI and Tornado, Flask has quite a list of extension modules that provide solutions for securing an application against various attacks. For instance, Flask-Seasurf and Flask-WTF can help minimize CSRF attacks. For web authentication, Flask-Login provides a reliable authentication mechanism, combined with the password hashing and encryption mechanisms covered in this chapter.
On the other hand, Flask-HTTPAuth can provide API-based applications with HTTP basic, digest, and bearer token authentication schemes. We also learned that OAuth2 authorization server grant types and OAuth2 JWT token-based flows can protect Flask applications from unauthorized access by other applications.
Flask-Talisman enforces security rules on the response headers of every API endpoint, filtering each outgoing response. Meanwhile, the Flask-Session module stores Flask sessions in the filesystem to mitigate browser-based attacks. Escaping, stripping of...
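To make the response-header filtering that Flask-Talisman performs concrete, here is an added illustration (not Flask-Talisman's own code, and not from the chapter) of the same pattern at the WSGI level: a middleware that applies a fixed header policy to every outgoing response, overriding weaker values an endpoint may have set. It uses only the standard library, so it runs without Flask installed; the header values are assumed policy choices, not the extension's defaults.

```python
# Added illustration of the Talisman-style pattern: wrap every endpoint so its
# response always carries the security headers the policy mandates.
# Pure standard library (WSGI), so it runs without Flask installed.
from typing import Dict, List, Tuple

# Assumed header policy for this example (not copied from Flask-Talisman).
SECURITY_HEADERS: List[Tuple[str, str]] = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-Content-Type-Options", "nosniff"),
    ("Content-Security-Policy", "default-src 'self'"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
]
_POLICY_NAMES = {name.lower() for name, _ in SECURITY_HEADERS}


def secure_headers(app):
    """Wrap a WSGI app so every response is rewritten to carry the policy.

    A header the endpoint set that collides with the policy is replaced, so a
    single view cannot weaken the application-wide rules; unrelated headers
    (Content-Type, etc.) pass through untouched."""
    def middleware(environ, start_response):
        def patched_start(status, headers, exc_info=None):
            kept = [(n, v) for n, v in headers if n.lower() not in _POLICY_NAMES]
            return start_response(status, kept + SECURITY_HEADERS, exc_info)
        return app(environ, patched_start)
    return middleware


def call_wsgi(app, path: str = "/") -> Tuple[str, Dict[str, str], bytes]:
    """Invoke a WSGI app in-process and return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}  # constructed request
    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


def hello(environ, start_response):
    """Minimal endpoint standing in for a Flask view; sets a weaker X-Frame-Options."""
    start_response("200 OK", [("Content-Type", "text/plain"), ("X-Frame-Options", "ALLOWALL")])
    return [b"hello"]


if __name__ == "__main__":
    print(call_wsgi(secure_headers(hello)))
```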