Built-in security mechanisms of Python frameworks

14:33
18.10.2024
USSC
46

When conducting software development process audits, we often hear that functionality is implemented in the framework, and this may raise questions from security personnel.

Introduction

When auditing software development processes, we often hear that functionality is implemented in a framework, and this can raise questions from information security specialists.

Python, being one of the popular programming languages, offers many frameworks, each of which must be secure and have built-in security mechanisms or the ability to embed these mechanisms. In this article, we will try to understand what capabilities the frameworks actually provide, examine the security mechanisms, and ways to configure them using the example of common frameworks: Django, FastAPI, and Flask.

All these frameworks provide developers with powerful tools for creating secure applications, but their approaches and implementations differ.

1. Django Security

Django is a powerful and reliable web framework in Python that includes a wide range of security mechanisms that contribute to the creation of secure web applications. One of the key features of Django compared to other frameworks is its built-in security mechanisms, which provide a range of tools to protect against the most common attacks, such as CSRF, XSS, SQL injection, and others.

Built-in Security Mechanisms

CSRF (Cross-Site Request Forgery)

Django prevents CSRF attacks by using tokens that are checked with each data modification request. The CSRF token ensures that each request to the server comes from a trusted user and a trusted source. Django automatically adds the CSRF token to each form and checks this token when receiving a POST request.

XSS (Cross-Site Scripting)

Django protects against XSS by automatically escaping all variables output in templates. This prevents malicious scripts that could be inserted through input forms from being executed in the user's browser.

SQL Injection

Django uses ORM to generate all SQL queries to the database. This isolates developers from directly writing SQL code and protects against SQL injection, as all queries are built using parameterization and checked before execution.

Password Handling and Storage

2. Configuring Django Security Settings

Security settings in Django are configured through the settings.py file, which is the central place for application configuration. In this file, you can configure various parameters that will affect the security of your application.

Main security parameters

SECRET_KEY

Default value: Not set by default, must be unique.
Purpose: Used for cryptographic signing, important for the security of sessions and data associated with cookies.
Note: Never place SECRET_KEY in publicly accessible sources.

DEBUG

Default value: True
Purpose: When enabled, it displays detailed error information, which can be dangerous on a production server.
Note: Always set DEBUG = False on production servers.

ALLOWED_HOSTS

Default value: []
Purpose: Defines a list of strings representing the host/domain names that this site can serve.
Note: Configure this value according to the domains on which your application should run.

SECURE_BROWSER_XSS_FILTER

Default value: False
Purpose: Enables the XSS filter in the user's browser.
Note: It is recommended to set True to protect against XSS attacks.

X_FRAME_OPTIONS

Default value: DENY
Purpose: Controls the loading of the site inside the , , <object> tags.</p></li><li><p><strong>Note:</strong> DENY blocks all attempts to load pages into frames, which helps prevent clickjacking.</p></li></ul><p><em>SECURE_SSL_REDIRECT</em></p><ul><li><p><strong>Default value:</strong> False</p></li><li><p><strong>Purpose:</strong> Redirects all HTTP requests to HTTPS.</p></li><li><p><strong>Note:</strong> Enable in production if your site operates entirely over HTTPS.</p></li></ul><p>CSRF_COOKIE_SECURE</p><div class="read_more"> <div class="title">Read also:</div> <ul> <li><a href="/articles/hardware/2024/11/restoring-a-non-working-keyboard-using-qmk-a">Restoring a non-working keyboard using QMK and RP2040</a></li> </ul> </div> <ul><li><p><strong>Default value:</strong> False</p></li><li><p><strong>Purpose:</strong> Indicates that the CSRF cookie should only be transmitted over HTTPS.</p></li><li><p><strong>Note:</strong> Enable if your site uses HTTPS.</p></li></ul><p>SESSION_COOKIE_SECURE</p><ul><li><p><strong>Default value:</strong> False</p></li><li><p><strong>Purpose:</strong> Indicates that session cookies should only be transmitted over HTTPS.</p></li><li><p><strong>Note:</strong> Similar to CSRF_COOKIE_SECURE, enable for HTTPS sites.</p></li></ul><h4>Example of a configured configuration file</h4><pre><code># settings.py SECRET_KEY = 'your_secret_key_here' DEBUG = False ALLOWED_HOSTS = ['yourdomain.ru', 'www.yourdomain.ru'] SECURE_BROWSER_XSS_FILTER = True X_FRAME_OPTIONS = 'DENY' SECURE_SSL_REDIRECT = True CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True # Additional security settings SECURE_HSTS_SECONDS = 31536000 # Enable HSTS with a duration of one year SECURE_HSTS_INCLUDE_SUBDOMAINS = True SECURE_HSTS_PRELOAD = True</code></pre><h3>3. FastAPI Security</h3><p>FastAPI is a modern and high-performance framework for building APIs. It does not have a built-in security system in the traditional sense. Instead, it provides the fastapi.security module, which includes a number of classes for authentication and working with API keys.</p><h4>Built-in security mechanisms</h4> <p><em>Authentication and Authorization</em></p><p>FastAPI supports several authentication methods, including:</p><ul><li><p><strong>OAuth2</strong>: Using OAuth2PasswordBearer, the framework can manage access tokens, which is often used in modern APIs. </p></li><li><p><strong>API Keys</strong>: Mechanisms such as APIKeyHeader, APIKeyQuery, and APIKeyCookie allow the use of API keys for simple request authentication.</p></li></ul><p><em>Password Handling and Storage</em></p><p>FastAPI offers integration with libraries such as passlib and bcrypt for secure password hashing and verification. These libraries help developers easily implement reliable password hashing and subsequent verification. FastAPI itself does not have built-in tools for working with passwords but easily integrates with external libraries that provide such capabilities.</p><p><em>Protection against CSRF and XSS</em></p><ul><li><p><strong>CSRF</strong>: Since FastAPI is typically used to create APIs with authentication tokens, CSRF is not as significant a threat as in traditional web forms. However, for scenarios where cookies are used, it is recommended to use third-party solutions to add CSRF tokens.</p></li><li><p><strong>XSS</strong>: FastAPI does not automatically handle XSS, as this relates to content generated on the client side. Developers should ensure that all user data displayed in web applications is properly sanitized and escaped.</p></li></ul><p><em>Protection against SQL Injection</em></p> <p>Using ORM, such as SQLAlchemy, provides protection against SQL injections. FastAPI easily integrates with such ORM, ensuring that all database queries are strictly parameterized — this prevents the injection of malicious code.</p><p><em>Clickjacking</em></p><p>To protect against clickjacking, developers can use HTTP headers such as X-Frame-Options to control the loading of pages in frames. FastAPI makes it easy to add headers through API responses or using Starlette middleware.</p><h3>4. Configuring FastAPI Security Settings</h3><p>FastAPI itself does not have a specialized security configuration file. Instead, security settings and configurations are defined directly in the application code.</p><h4>Main Security Mechanisms</h4><p>OAuth2 Authentication:</p><ul><li><p><strong>Purpose</strong>: The OAuth2PasswordBearer class is used to create a token retrieval mechanism.</p></li><li><p><strong>Note</strong>: Ensures API security by verifying access tokens before processing user requests.</p></li><li><p><strong>Example</strong>:</p></li></ul><pre><code> from fastapi import Depends, FastAPI from fastapi.security import OAuth2PasswordBearer app = FastAPI() oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token") @app.get("/users/me") async def read_users_me(token: str = Depends(oauth2_scheme)): return {"token": token}</code></pre><p><em>API Keys:</em></p><ul><li><p><strong>Purpose</strong>: Using APIKeyHeader, APIKeyQuery, and APIKeyCookie classes to handle API keys.</p></li><li><p><strong>Note</strong>: Verifying API keys to access certain routes or API functions.</p></li><li><p><strong>Example</strong>:</p></li></ul> <pre><code> from fastapi import FastAPI, Security from fastapi.security.api_key import APIKeyHeader, APIKey app = FastAPI() api_key_header = APIKeyHeader(name="X-API-Key") async def get_api_key(api_key_header: str = Security(api_key_header)): if api_key_header == "secret-key": return "Authorized" else: return "Unauthorized" @app.get("/secure-data") async def secure_data(authorization: str = Security(get_api_key)): return {"status": authorization}</code></pre><p><em>HTTP Basic Auth:</em></p><ul><li><p><strong>Purpose</strong>: Using the HTTPBasic class for basic authentication.</p></li><li><p><strong>Note</strong>: Simple user authentication using a username and password.</p></li><li><p><strong>Example</strong>:</p></li></ul> <pre><code> import secrets from fastapi import FastAPI, Depends from fastapi.security import HTTPBasic, HTTPBasicCredentials from fastapi.exceptions import HTTPException app = FastAPI() security = HTTPBasic() def check_credentials(credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, "user") correct_password = secrets.compare_digest(credentials.password, "password") if not (correct_username and correct_password): raise HTTPException(status_code=401, detail="Incorrect email or password") return credentials @app.get("/secure-area") def secure_area(credentials: HTTPBasicCredentials = Depends(check_credentials)): return {"message": "Secure area accessed", "user": credentials.username}</code></pre><h4>Example of a configured configuration file</h4><pre><code>import secrets from fastapi import FastAPI, Depends, HTTPException from fastapi.security import OAuth2PasswordBearer, APIKeyHeader, HTTPBasic, HTTPBasicCredentials from jose import jwt # Added for handling JWT tokens app = FastAPI() # Security settings security = HTTPBasic() oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token") api_key_header = APIKeyHeader(name="X-API-Key") # Authentication check functions def check_credentials(credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, "user") correct_password = secrets.compare_digest(credentials.password, "password") if not (correct_username and correct_password): raise HTTPException(status_code=401, detail="Incorrect email or password") return credentials def get_api_key(api_key: str = Depends(api_key_header)): if api_key == "correct_key": return api_key else: raise HTTPException(status_code=401, detail="Invalid API key") # Routes @app.post("/token") async def login(): # Assume the function returns a JWT token after verifying credentials (omitted for simplicity) return {"access_token": "your_token"} @app.get("/users/me") async def read_users_me(token: str = Depends(oauth2_scheme)): # Return user data using the token return {"token": token} @app.get("/secure-area") def secure_area(credentials: HTTPBasicCredentials = Depends(check_credentials)): # Access to the secure area using HTTP Basic Auth return {"message": "Secure area accessed", "user": credentials.username} @app.get("/secure-data") async def secure_data(api_key: str = Depends(get_api_key)): # Access to secure data using API key return {"message": "Access granted", "api_key": api_key} if __name__ == "__main__": import uvicorn uvicorn.run(app, host="0.0.0.0", port=8000)</code></pre><h3>5. Flask Security</h3><p>Flask is a lightweight web framework for Python that is widely used for building web applications and APIs. Due to its flexibility and minimalist structure, Flask provides developers with a foundation for implementing many security features, but many security aspects require manual configuration or integration with external libraries.</p> <h4>Built-in Security Mechanisms</h4><p><em>Protection against CSRF (Cross-Site Request Forgery)</em></p><p>Flask-WTF, an extension for Flask, provides protection against CSRF. This extension automatically adds CSRF tokens to forms and validates these tokens upon receiving requests, helping to prevent unauthorized actions on behalf of authenticated users.</p><p><em>Protection against XSS (Cross-Site Scripting)</em></p><p>To combat XSS, Flask and its Jinja2 template engine automatically escape all variable outputs in templates unless otherwise specified. This prevents the execution of unwanted scripts that could be inserted into page content through user input.</p><p><em>Protection against SQL Injection</em></p><p>Using ORM, such as SQLAlchemy, prevents SQL injections as database queries are formed without directly passing parameters from the user, eliminating the possibility of executing malicious code through input data.</p><p><em>Authentication and Authorization</em></p><p>Flask-Login is a tool for managing user sessions that simplifies the authentication process. It helps developers control access to certain parts of the application by requiring users to log in.</p><p><em>Protection against Clickjacking</em></p><p>To protect against clickjacking, the X-Frame-Options header can be used. Flask-Talisman, another extension, allows easy management of security headers, including CSP (Content Security Policy), and helps combat XSS and other attack vectors.</p><h3>6. Configuring Flask Security Settings</h3> <p>In Flask, security parameters are usually set in the configuration file config.py. Flask does not have a built-in default configuration file but offers a flexible configuration system.</p><h4>Main Security Parameters</h4><p>Below are the key security parameters that can be configured in Flask:</p><p><em>SECRET_KEY</em></p><ul><li><p><strong>Default value</strong>: Not set by default, must be unique.</p></li><li><p><strong>Purpose</strong>: Used for signing session cookies and other secure operations.</p></li><li><p><strong>Note</strong>: The key must be protected and not disclosed.</p></li></ul><p><em>SESSION_COOKIE_SECURE</em></p><ul><li><p><strong>Default value</strong>: False</p></li><li><p><strong>Purpose</strong>: Instructs the browser to use cookies only over HTTPS.</p></li><li><p><strong>Note</strong>: Enable only if you are using HTTPS.</p></li></ul><p><em>SESSION_COOKIE_HTTPONLY</em></p><ul><li><p><strong>Default value</strong>: True</p></li><li><p><strong>Purpose</strong>: Prevents JavaScript access to cookies.</p></li><li><p><strong>Note</strong>: Helps mitigate XSS attacks.</p></li></ul><p>PERMANENT_SESSION_LIFETIME</p><ul><li><p><strong>Default value</strong>: 31 days</p></li><li><p><strong>Purpose</strong>: Sets the lifetime of a permanent session.</p></li><li><p><strong>Note</strong>: The value is set as a timedelta object.</p></li></ul><p>REMEMBER_COOKIE_DURATION</p><ul><li><p><strong>Default value</strong>: 365 days</p></li><li><p><strong>Purpose</strong>: Sets how long the cookie will remember the login information.</p></li><li><p><strong>Note</strong>: When using Flask-Login.</p></li></ul><h4>Example of a configured configuration file</h4> <pre><code>from datetime import timedelta from flask import Flask app = Flask(__name__) app.config['SECRET_KEY'] = 'your_secret_key_here' app.config['SESSION_COOKIE_SECURE'] = True app.config['SESSION_COOKIE_HTTPONLY'] = True app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=7) app.config['REMEMBER_COOKIE_DURATION'] = timedelta(days=14) @app.route('/') def index(): return "Welcome to the Flask app!" if __name__ == "__main__": app.run(ssl_context='adhoc')</code></pre><h3>Conclusion</h3><p>Python frameworks provide extensive capabilities for ensuring application security. Whether you use Django, FastAPI, or Flask, each of these frameworks has a set of tools that help protect against the most common threats in built-in or integrable ways. However, it is important to understand that no tool or framework can provide complete security on its own. Applying best practices and using proven libraries play a key role in enhancing the security of your applications. In summary, application security depends not only on the chosen framework but also on your attention to security details at every stage of development.</p><p><strong>Author: Artem Porfiryev, Senior Application Security Engineer at UCSB</strong></p> <div class="read_more"> <div class="title">Read also:</div> <ul> <li><a href="/articles/hardware/2024/11/testing-bmc-lets-talk-about-load-testing"> Testing BMC: let's talk about load testing</a></li> <li><a href="/articles/hardware/2024/11/i-waited-10-billion-cycles-and-only-got-a-lo"> I waited 10 billion cycles and only got a loading screen</a></li> <li><a href="/articles/hardware/2024/12/5-single-board-pcs-for-various-tasks-novemb"> 5 single-board PCs for various tasks: November news</a></li> </ul> </div> </div> </div> </article> <div class="widget-tags"> <ul><li><a rel="nofollow" href="/search?tag=information+security&key=tags">information security</a></li><li><a rel="nofollow" href="/search?tag=+secure+development&key=tags"> secure development</a></li><li><a rel="nofollow" href="/search?tag=+software+development&key=tags"> software development</a></li><li><a rel="nofollow" href="/search?tag=+devsecops&key=tags"> devsecops</a></li><li><a rel="nofollow" href="/search?tag=+django&key=tags"> django</a></li><li><a rel="nofollow" href="/search?tag=+fastapi&key=tags"> fastapi</a></li><li><a rel="nofollow" href="/search?tag=+flask&key=tags"> flask</a></li><li><a rel="nofollow" href="/search?tag=+python&key=tags"> python</a></li><li><a rel="nofollow" href="/search?tag=+frameworks&key=tags"> frameworks</a></li><li><a rel="nofollow" href="/search?tag=+clickjacking&key=tags"> clickjacking</a></li></ul> </div> <div id="emodzy"><div><a class='like' onclick='return false;' href='#'><span>0</span></a></div><div><a class='dislike' onclick='return false;' href='#'><span>0</span></a></div><div><a class='droll' onclick='return false;' href='#'><span>0</span></a></div><div><a class='love' onclick='return false;' href='#'><span>0</span></a></div><div><a class='cat' onclick='return false;' href='#'><span>0</span></a></div><div><a class='wow' onclick='return false;' href='#'><span>0</span></a></div></div> <div class="article-comments"> <div class="section-title add_comment"> <div class="title">Comments</div> </div> <div class="comments"> <div id="comments-wrapper"> <ol class="comment-list" id="comments"></ol> </div> <div id="comments-tpanel"> <div id="tpanel-refresh"></div> <div id="tpanel-new"></div> </div> </div><h4 id="comment-new-link"> <a href="#" class="btn btn-default">Write comment</a> </h4> <div id="comment-form-placeholder"> <form id="comment-form" action="#" method="post" class="well"> <div id="comment-preview-placeholder"></div> <input type="hidden" name="thread" value="resource-37061"/> <input type="hidden" name="parent" value="0"/> <input type="hidden" name="id" value="0"/> <input type="hidden" name="form_key" value="73c4f85db631ca3672b004fd86ccfa97"> <div class="form-group left"> <input type="text" name="name" value="" id="comment-name" class="form-control" placeholder="Name"/> <span class="error"></span> </div> <div class="form-group right"> <input type="text" name="email" value="" id="comment-email" class="form-control" placeholder="Email"/> <span class="error"></span> </div> <div class="form-group"> <textarea name="text" id="comment-editor" cols="30" rows="6" class="form-control"></textarea> <span class="error" id="text-error"></span> </div> <div class="form-group"> <label for="comment-captcha" id="comment-captcha222">Enter the amount 19 + 3</label> <input type="text" name="captcha" value="" id="comment-captcha" class="form-control" /> <span class="error"></span> </div> <div class="form-actions"> <input type="submit" class="input-btn submit" value="Write" title="Ctrl + Shift + Enter"/> <span class="time"></span> </div> </form> </div> </div> </div>  <div class="col-md-4 sb_right"> <h3>Relevant news on the topic "Security"</h3> <div class="widget"> <article class="article thumb-article tpl_slider_t2"> <div class="article-img"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/77/png/2024/11/400525640c3942d230a76164901c552a162688b4.47d520d6.webp" alt=" Launching the Hidden Lake node in Go"> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/security/2024/11/launching-the-hidden-lake-node-in-go"> Launching the Hidden Lake node in Go</a></h4> <ul class="article-meta"> <li class="time">20:16</li> <li class="date">14.11.2024</li> </ul> <ul class="article-info"> <li class="article-category"><a href="/">Security</a></li> </ul> </div> </article> </div> <div class="widget subscribe-widget"> <div class="widget-title">Subscribe to the newsletter</div> <form class="subscribe" action="#" method="post"> <input type="hidden" name="sx_action" value="subscribe"> <input class="input" type="email" name="email" placeholder="Enter your email"> <button type="submit" class="input-btn">Subscribe</button> </form> </div> <article class="article thumb-article tpl_slider_t2"> <div class="article-img"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/77/jpg/2024/11/87fbee50b51d486ad029b3fa7b96cc0b3e177c4f.47d520d6.webp" alt=" Cloud Computing Security"> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/security/2024/11/cloud-computing-security"> Cloud Computing Security</a></h4> <ul class="article-meta"> <li class="time">11:45</li> <li class="date">24.11.2024</li> </ul> <ul class="article-info"> <li class="article-category"><a href="/">Security</a></li> </ul> </div> </article> <article class="article thumb-article tpl_slider_t2"> <div class="article-img"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/77/jpg/2024/12/2df3ba728ff13c3f5a3fda499f261f655a3a54b5.47d520d6.webp" alt=" Inventing IAM for the MWS cloud: introduction and resource model"> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/security/2024/12/inventing-iam-for-the-mws-cloud-introductio"> Inventing IAM for the MWS cloud: introduction and resource model</a></h4> <ul class="article-meta"> <li class="time">14:19</li> <li class="date">19.12.2024</li> </ul> <ul class="article-info"> <li class="article-category"><a href="/">Security</a></li> </ul> </div> </article> <article class="article thumb-article tpl_slider_t2"> <div class="article-img"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/77/png/2024/10/01b968d69d3a499af62f4be19a062568d4cc076a.47d520d6.webp" alt=" To bind or not to bind: how we manage the identity of corporate "Macs""> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/security/2024/11/to-bind-or-not-to-bind-how-we-manage-the-id"> To bind or not to bind: how we manage the identity of corporate "Macs"</a></h4> <ul class="article-meta"> <li class="time">21:45</li> <li class="date">01.11.2024</li> </ul> <ul class="article-info"> <li class="article-category"><a href="/">Security</a></li> </ul> </div> </article> <article class="article thumb-article tpl_slider_t2"> <div class="article-img"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/77/jpg/2024/11/a6a88366e701d77368d98b22aa9f88c166f78e1f.47d520d6.webp" alt="How incorrect API development can lead to user deletion"> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/security/2024/11/how-incorrect-api-development-can-lead-to-us">How incorrect API development can lead to user deletion</a></h4> <ul class="article-meta"> <li class="time">11:55</li> <li class="date">05.11.2024</li> </ul> <ul class="article-info"> <li class="article-category"><a href="/">Security</a></li> </ul> </div> </article> <article class="article thumb-article tpl_slider_t2"> <div class="article-img"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/77/jpg/2024/11/7cd7f0e6be4b53ffa837a97262e7ed54e317a3f8.47d520d6.webp" alt=" Fraud Based on Trusted Data"> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/security/2024/11/fraud-based-on-trusted-data"> Fraud Based on Trusted Data</a></h4> <ul class="article-meta"> <li class="time">23:39</li> <li class="date">01.11.2024</li> </ul> <ul class="article-info"> <li class="article-category"><a href="/">Security</a></li> </ul> </div> </article> <article class="article thumb-article tpl_slider_t2"> <div class="article-img"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/77/png/2024/12/d0da0d2d4b324b6ecef2dd1b4b88c97d3b7348ea.47d520d6.webp" alt=" Hiding VMware from malware"> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/security/2024/12/hiding-vmware-from-malware"> Hiding VMware from malware</a></h4> <ul class="article-meta"> <li class="time">14:26</li> <li class="date">19.12.2024</li> </ul> <ul class="article-info"> <li class="article-category"><a href="/">Security</a></li> </ul> </div> </article> <div class="widget"> <div class="widget-title"><h2 class="title">Also read</h2></div> <div id="owl-carousel-3" class="owl-carousel owl-theme center-owl-nav"> <article class="article tpl_slider_t1"> <div class="article-img"> <a href="/articles/security/2024/11/a-few-words-about-malware-for-linux-and-ways"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/77/png/2024/11/7936a80853eac9b5add9f05df1bf67780d41a268.47d520d6.webp" alt=" A few words about malware for Linux and ways to protect your system"> </a> <ul class="article-info tags"> <li class="art_tag"><a rel="nofollow" href="/search?tag=linux&key=tags">linux</a></li><li class="art_tag"><a rel="nofollow" href="/search?tag=red+os&key=tags">red os</a></li><li class="art_tag"><a rel="nofollow" href="/search?tag=malware&key=tags">malware</a></li><li class="art_tag"><a rel="nofollow" href="/search?tag=security&key=tags">security</a></li> </ul> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/security/2024/11/a-few-words-about-malware-for-linux-and-ways"> A few words about malware for Linux and ways to protect your system</a></h4> <ul class="article-meta"> <li class="time">18:00</li> <li class="date">26.11.2024</li> </ul> </div> </article> <article class="article tpl_slider_t1"> <div class="article-img"> <a href="/articles/security/2024/11/enhancing-linux-server-protection-from-threa"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/77/png/2024/11/98191d6aae8880bbf9c31ced14d0c0a86d6600f8.47d520d6.webp" alt=" Enhancing Linux Server Protection from Threats and Attacks"> </a> <ul class="article-info tags"> <li class="art_tag"><a rel="nofollow" href="/search?tag=Linux&key=tags">Linux</a></li><li class="art_tag"><a rel="nofollow" href="/search?tag=server&key=tags">server</a></li><li class="art_tag"><a rel="nofollow" href="/search?tag=security&key=tags">security</a></li> </ul> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/security/2024/11/enhancing-linux-server-protection-from-threa"> Enhancing Linux Server Protection from Threats and Attacks</a></h4> <ul class="article-meta"> <li class="time">17:22</li> <li class="date">08.11.2024</li> </ul> </div> </article> </div> </div> </div> </div> </div> </div> <div class="section"> <div class="container"> <div class="row"> <div class="col-md-12"> <div class="section-title"> <h3 class="title">Also read</h3> </div> <div class="row"> <div class="col-md-3 col-sm-6"> <article class="article tpl_art_horizontal"> <div class="article-img"> <a href="/articles/ai/2024/12/how-to-choose-the-best-model-for-coding-usi"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/73/png/2024/12/dc9ec2dca6a2c70e6379a8a26301c743f518b047.47d520d6.webp" alt=" How to choose the best model for coding: using SLM and local LLM"> </a> <ul class="article-info"> <li class="article-category"><a href="/">AI</a></li> </ul> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/ai/2024/12/how-to-choose-the-best-model-for-coding-usi"> How to choose the best model for coding: using SLM and local LLM</a></h4> <ul class="article-meta"> <li class="time">17:35</li> <li class="date">14.12.2024</li> </ul> </div> </article> </div> <div class="col-md-3 col-sm-6"> <article class="article tpl_art_horizontal"> <div class="article-img"> <a href="/articles/ai/2024/12/to-the-stars-with-a-song-how-generative-ai"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/73/jpg/2024/12/5076cd27b5cf46c325894a3da49632aca07d66e4.47d520d6.webp" alt=" To the stars with a song! How generative AI helped an amateur astronomer"> </a> <ul class="article-info"> <li class="article-category"><a href="/">AI</a></li> </ul> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/ai/2024/12/to-the-stars-with-a-song-how-generative-ai"> To the stars with a song! How generative AI helped an amateur astronomer</a></h4> <ul class="article-meta"> <li class="time">14:23</li> <li class="date">19.12.2024</li> </ul> </div> </article> </div> <div class="col-md-3 col-sm-6"> <article class="article tpl_art_horizontal"> <div class="article-img"> <a href="/articles/software/2024/12/enabling-the-cbpolicyd-web-interface-in-carb"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/83/png/2024/12/e098d473b8e29b4fac7a8d9d6f41b082cb9b0667.47d520d6.webp" alt=" Enabling the CBPolicyD web interface in Carbonio"> </a> <ul class="article-info"> <li class="article-category"><a href="/">Software</a></li> </ul> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/software/2024/12/enabling-the-cbpolicyd-web-interface-in-carb"> Enabling the CBPolicyD web interface in Carbonio</a></h4> <ul class="article-meta"> <li class="time">12:43</li> <li class="date">19.12.2024</li> </ul> </div> </article> </div> <div class="col-md-3 col-sm-6"> <article class="article tpl_art_horizontal"> <div class="article-img"> <a href="/articles/software/2024/12/svardos-a-modern-incarnation-of-dos-with-op"> <img width="1000" height="625"class="lazy" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" data-src="https://cdn.tekkix.com/assets/image-cache/w_1000h_625q_90/83/png/2024/12/9851f02a7960c77366cb14b807c53dac2006802c.47d520d6.webp" alt=" SvarDOS: a modern incarnation of DOS with open source code and repository"> </a> <ul class="article-info"> <li class="article-category"><a href="/">Software</a></li> </ul> </div> <div class="article-body"> <h4 class="article-title"><a href="/articles/software/2024/12/svardos-a-modern-incarnation-of-dos-with-op"> SvarDOS: a modern incarnation of DOS with open source code and repository</a></h4> <ul class="article-meta"> <li class="time">12:22</li> <li class="date">22.12.2024</li> </ul> </div> </article> </div> </div> </div> </div> </div> </div> <footer id="footer"> <div id="top-footer" class="section"> <div class="container"> <div class="row"> <div class="col-md-4"> <div class="footer-widget about-widget"> <a href="/" title="Go to home" class="footer-logo"></a> <ul class="footer-links"> <li><a href="/editorial-team">Editorial Team</a></li> <li><a href="/contact-us">Contact us</a></li> <li><a href="/cookies-policy">Cookie Policy</a></li> <li><a href="/privacy-policy">Privacy Policy</a></li> <li><a href="/donate">Donate</a></li> </ul> <div class="footer-copyright"> <span>©2024 All rights reserved. The use of materials is allowed only with an indexed link to the website tekkix.com. By continuing to use the site, you agree to the processing of cookies.</span> </div> </div> </div> <div class="col-md-4"> <div class="footer-widget"> <div class="footer-widget social-widget"> <div class="widget-title"> <div class="title">Share with friends</div> </div> <div class="uSocial-Share" data-lang="en" data-pid="9f9710c680a02d880bd56c585c90d20f" data-type="share" data-options="round-rect,style1,default,absolute,horizontal,size32,eachCounter0,counter0,nomobile,mobile_position_right,cutUrl" data-social="fb,twi,wa,reddit,pinterest,lin"></div> </div> <div class="footer-widget subscribe-widget"> <div class="widget-title"> <div class="title">Subscribe to the newsletter</div> </div> <form class="subscribe" action="#" method="post"> <input type="hidden" name="sx_action" value="subscribe"> <input class="input" type="email" name="email" placeholder="Enter your email"> <button type="submit" class="input-btn">Subscribe</button> </form> </div> </div> </div> <div class="col-md-4"> <div class="footer-widget"> <div class="widget-title"> <div class="title">Сategories</div> </div> <ul class="footer-links"> <li><a href="/articles/ai/">AI</a></li> <li><a href="/articles/software/">Software</a></li> <li><a href="/articles/hardware/">Hardware</a></li> <li><a href="/articles/security/">Security</a></li> <li><a href="/articles/network/">Network</a></li> <li><a href="/articles/gadgets/">Gadgets</a></li> <li><a href="/articles/diy/">DIY</a></li> </ul> </div> </div> </div> </div> </div> </footer> <div id="back-to-top"></div> <script src="/assets/js/jquery.min.js"></script> <script async src="https://www.googletagmanager.com/gtag/js?id=GTM-TL7R4DQH"></script> <script> $(document).ready(function() { $(".lightgallery").lightGallery(); }); function loadCSS(url) { var link = document.createElement("link"); link.rel = "stylesheet"; link.type = "text/css"; link.href = url; document.head.appendChild(link); } var script = document.createElement('script'); script.src = '/assets/js/external.js?v=2'; var script2 = document.createElement('script'); script2.src = 'https://usocial.pro/usocial/usocial.js?uid=b3068e5ad1f16904&v=6.1.5'; document.addEventListener('DOMContentLoaded', function() { document.body.appendChild(script); document.body.appendChild(script2); }); setTimeout(function() { //loadCSS("/assets/css/style.css?v=0.11")--------------------------------------------; }, 50); </script> <script type="text/javascript"> $(document).on('ready', function() { $(".mp_top_vertical").slick({ dots: false, vertical: true, centerMode: false, slidesToShow: 4, infinite: false, speed: 300, adaptiveHeight: true }); }); </script> <noscript><div><img src="https://mc.yandex.ru/watch/95015400" style="position:absolute; left:-9999px;" alt="" /></div></noscript><noscript><img src="//counter.rambler.ru/top100.cnt?pid=7727029" alt="Топ-100" /></noscript><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-NSM2R84T" height="0" width="0" style="display:none;visibility:hidden">