
Using well-known tools is a double-edged sword. On the one hand, security issues are often found fast and fixed fast. On the other hand, they are also exploited fast and en masse.

I have been building websites professionally for nearly two decades. In that time I have seen major attacks against a number of sites I worked on. They were ALL exploits in up-to-date frameworks/applications found by bots scanning for known vulnerabilities. In order of severity: Wordpress, Django, osCommerce; Django was actually the most recent.

I've never had a custom-built app compromised. Unless you're some major player, no one wants to take the time to find flaws in your snowflake (outside query injection and the other common things you should know to protect against with experience). They find a flaw in a framework or library and then try to apply the known flaw everywhere.

Should every site be a snowflake? Surely not; not every developer is competent enough to build safe applications. Does it come with major upsides? Absolutely.



I'm very curious about the "major attack" against Django you mention. I'm unaware of in-the-wild attacks targeting Django itself, so I'd really like to know what I missed. Can you share more details with me? Public or private is fine, send me an email if you prefer.


> I've never had a custom-built app compromised.

That you are aware of.



