7/7/2020
This research was done by myself a while back and just got posted on my company's blog. Even though I generally post pwn or lower-level articles on this blog, I am also into web application security and dive into other things in my free time.
This research article is about securely routing requests in different web frameworks, such as Django, Flask, Ruby on Rails and more. The major consequence of insecurely routing pages is a CSRF bypass, as CSRF protection is applied only to particular HTTP methods. Overall, the research turned up some interesting results! So I highly recommend giving it a read to learn how to securely route requests in the most popular backend web frameworks.
The full article can be found on Security Innovation's website.
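The routing problem described above, as an added example that is not code from the article or from any of the frameworks it covers: a state-changing handler registered for any method is reachable through methods the CSRF check skips, while the same handler restricted to POST is not. The `App` mini-router, the `/account/email` path, the handler name and the exempt method set are all assumptions made for this illustration.

```python
# Added illustration: a framework-agnostic model, not code from the article.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # assumed CSRF-exempt set
ALL_METHODS = ["GET", "HEAD", "OPTIONS", "TRACE", "POST", "PUT", "PATCH", "DELETE"]


class App:
    """Hypothetical mini-router with a CSRF check in front of every handler."""

    def __init__(self):
        self.routes = {}  # path -> (handler, allowed methods, or None for "any")
        self.emails = {"alice": "alice@example.test"}  # constructed sample state

    def route(self, path, handler, methods=None):
        allowed = None if methods is None else set(methods)
        self.routes[path] = (handler, allowed)

    def dispatch(self, method, path, params, session_token, sent_token=None):
        handler, allowed = self.routes[path]
        if allowed is not None and method not in allowed:
            return 405  # router rejects the method before the handler runs
        if method not in SAFE_METHODS and sent_token != session_token:
            return 403  # CSRF check applies to unsafe methods only
        return handler(self, params)


def change_email(app, params):
    """State-changing handler that never looks at the request method."""
    app.emails[params["user"]] = params["email"]
    return 200


def methods_reaching_handler_without_token(app, path):
    """Audit helper: methods that execute the handler with no CSRF token."""
    params = {"user": "alice", "email": "changed@example.test"}
    return [m for m in ALL_METHODS
            if app.dispatch(m, path, params, session_token="tok") == 200]


loose = App()   # route registered for any method
loose.route("/account/email", change_email)
strict = App()  # same handler, restricted to POST
strict.route("/account/email", change_email, methods=["POST"])

if __name__ == "__main__":
    print("any-method route:", methods_reaching_handler_without_token(loose, "/account/email"))
    print("POST-only route: ", methods_reaching_handler_without_token(strict, "/account/email"))
```

The same audit idea carries over to a real application: enumerate each state-changing route and confirm that every method it accepts is one the CSRF check covers.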