Securing Gramex Deployments
There are many common security vulnerabilities that we need to protect Gramex instances against.
To check if your project is vulnerable, download and run the OWASP Zed Attack Proxy.
This runs a penetration test on your application and shares a report.
To protect against common vulnerabilities, the quickest way is to import deploy.yaml.
It contains commonly used security configurations and is bundled as part of Gramex.
For example, it:
- Disables cross-site scripting
- Prevents content-sniffing
- Prevents clickjacking
- Hides the server name
- Only allows downloading specific file types
- Creates a new cookie secret for each host
- Caches all files privately
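After importing deploy.yaml, it is worth confirming that a running instance actually sends the protective headers. The checker below is an added example, not Gramex's own code: the header names and values it expects (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, an empty Server header, Cache-Control containing "private") are the conventional ones for the protections listed above and are assumed rather than read from deploy.yaml, as is the default Gramex port 9988. It covers only the header-based items in the list, not the file-type restriction or the cookie secret.

```python
"""Check that a Gramex instance sends the security headers deploy.yaml is meant to set.

Added example, not part of Gramex. Expected values are assumptions based on the
conventional header for each protection, not read from deploy.yaml itself.
"""
import sys
import urllib.error
import urllib.request

# Header name -> accepted values (compared case-insensitively). Assumed values.
EXPECTED = {
    "x-content-type-options": {"nosniff"},        # prevents content-sniffing
    "x-frame-options": {"deny", "sameorigin"},     # prevents clickjacking
    "x-xss-protection": {"1; mode=block"},         # legacy browser XSS filter
}


def check_security_headers(headers):
    """Return a list of findings for a dict of response headers.

    Header names are matched case-insensitively; an empty list means all checks passed.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, allowed in EXPECTED.items():
        if name not in h:
            findings.append(f"missing header: {name}")
        elif h[name].lower() not in allowed:
            findings.append(f"unexpected {name}: {h[name]!r}")
    # "Hides the server name": Tornado sends Server: TornadoServer/<version> by default.
    server = h.get("server", "")
    if server:
        findings.append(f"server name disclosed: {server!r}")
    # "Caches all files privately": Cache-Control should carry the private directive.
    cache = h.get("cache-control", "")
    if "private" not in cache.lower():
        findings.append(f"cache-control not private: {cache!r}")
    return findings


def fetch_headers(url):
    """Fetch url and return its response headers; error responses still carry headers."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        return dict(err.headers.items())


if __name__ == "__main__":
    # Assumed default port for a local Gramex instance.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:9988/"
    problems = check_security_headers(fetch_headers(target))
    print("\n".join(problems) or "all header checks passed")
    sys.exit(1 if problems else 0)
```

Run it against a deployment with and without the deploy.yaml import to see which findings disappear.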