Securing Gramex Deployments

Gramex instances must be protected against a number of common web security vulnerabilities.

To check whether your project is vulnerable, download and run the OWASP Zed Attack Proxy (ZAP). It runs a penetration test against your application and produces a report of its findings.

The quickest way to protect against common vulnerabilities is to import deploy.yaml. This file is bundled with Gramex and contains commonly used security configurations.

For example, it:

  1. Disables cross-site scripting
  2. Prevents content-sniffing
  3. Prevents clickjacking
  4. Hides the server name
  5. Only allows downloading specific file types
  6. Creates a new cookie secret for each host
  7. Caches all files privately
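Items 1 to 4 and 7 above are enforced through HTTP response headers, so a deployment can be checked by inspecting what the server actually sends. The following is an added example and not Gramex's own code; it assumes the usual header names for these protections (X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, Server, Cache-Control), and the sample responses are constructed. Items 5 and 6 are not visible in response headers and are not checked.

```python
"""Verify the response headers a hardened Gramex deployment should send."""
import urllib.request


def check_security_headers(headers):
    """Return a list of findings for a dict of response headers.

    Header names are compared case-insensitively. An empty list means
    every checked protection is present.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    # 1. Cross-site scripting: legacy browser filter header; a
    #    Content-Security-Policy is the modern control, so accept either.
    if (h.get("x-xss-protection", "").lower() != "1; mode=block"
            and "content-security-policy" not in h):
        findings.append("XSS: no X-XSS-Protection or Content-Security-Policy header")
    # 2. Content sniffing
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("content-sniffing: X-Content-Type-Options is not 'nosniff'")
    # 3. Clickjacking: X-Frame-Options or a CSP frame-ancestors directive
    xfo = h.get("x-frame-options", "").upper()
    csp = h.get("content-security-policy", "").lower()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("clickjacking: no X-Frame-Options or CSP frame-ancestors")
    # 4. Server name: the banner should be absent (or empty)
    if h.get("server"):
        findings.append("server banner exposed: " + h["server"])
    # 7. Private caching
    if "private" not in h.get("cache-control", "").lower():
        findings.append("caching: Cache-Control does not include 'private'")
    return findings


def check_url(url):
    """Fetch `url` (a hypothetical deployment) and check its live headers."""
    with urllib.request.urlopen(url) as resp:
        return check_security_headers(dict(resp.headers.items()))


# Constructed sample responses, not captured from a real server
HARDENED = {
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Cache-Control": "private, max-age=0",
}
UNHARDENED = {"Server": "ExampleServer/1.0", "Content-Type": "text/html"}

if __name__ == "__main__":
    print("hardened:", check_security_headers(HARDENED))
    print("unhardened:", check_security_headers(UNHARDENED))
```

Run `check_url("http://localhost:9988/")` (or whatever address your instance listens on) against a live deployment to confirm the imported deploy.yaml took effect.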