Home / Companies / Semgrep / Blog / Post Details
Content Deep Dive

Bento check: keeping your cookies safe in Flask

Blog post from Semgrep

Post Details
Company
Date Published
Author
Grayson Hardaway
Word Count
484
Company Posts That Month
1
Language
English
Hacker News Points
-
Post removed?
No
Summary

In 2011, RFC6265 introduced important security mechanisms for managing cookies, such as the HttpOnly and Secure flags, to enhance web security by mitigating XSS and CSRF attacks. The SameSite attribute was later added to provide further protection against cross-site request forgery. The article discusses a security check implemented to ensure these attributes are set when cookies are created in Flask applications, highlighting that secure cookie settings are often underutilized despite their benefits. The check encourages developers to explicitly define the Secure, HttpOnly, and SameSite attributes when calling the set_cookie() function in Flask, though it allows for explicit disabling when necessary. An analysis of 715 Flask apps on GitHub revealed that most would benefit from these settings, suggesting the check serves as a useful reminder rather than an intrusive requirement. The article encourages developers to assess their codebases with tools like Bento to enhance security.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.