forked from mattmakai/fullstackpython.com
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathweb-application-security.html
513 lines (506 loc) · 26.2 KB
/
web-application-security.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
<!DOCTYPE html>
<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="author" content="Matt Makai">
<meta name="description" content="Full Stack Python explains each layer of the web application stack, from the server up through the rendering in a user's browser.">
<link rel="shortcut icon" href="theme/img/fsp-fav.png">
<title>Web Application Security - Full Stack Python</title>
<link href="theme/css/fsp.css" rel="stylesheet">
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
<link href="//netdna.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.css" rel="stylesheet">
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-19910497-7']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script> </head>
<body>
<a href="https://github.com/makaimc/fullstackpython.github.com" class="github">
<img style="position: absolute; top: 0; right: 0; border: 0;" src="http://s3.amazonaws.com/github/ribbons/forkme_right_darkblue_121621.png" alt="Fork me on GitHub" />
</a>
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="logo-header-section">
<a href="/" style="text-decoration: none; border: none;"><img src="theme/img/fsp-logo.png" height="52" width="52" class="logo-image" style="padding-top: 1px;"/></a>
<span class="logo-title"><a href="/">Full Stack Python</a></span>
</div>
</div>
</div> <div class="row">
<div class="col-md-8">
<h1>Web Application Security</h1>
<p>Website security must be thought about while building every level of the web
stack. However, this section includes topics that deserve particular
treatment, such as cross-site scripting (XSS), SQL injection, cross-site
request forgery and usage of public-private keypairs.</p>
<h2>Security open source projects</h2>
<ul>
<li>
<p><a href="http://www.bro.org/">Bro</a> is a network security and traffic monitor.</p>
</li>
<li>
<p><a href="https://github.com/marshyski/quick-secure">quick NIX secure script</a> for
securing Linux distributions.</p>
</li>
</ul>
<h2>HTTPS resources</h2>
<ul>
<li>
<p><a href="http://robertheaton.com/2014/03/27/how-does-https-actually-work/">How does HTTPS actually work?</a>
is a well-written overview of the protocol including certificates,
signatures, signing and related topics.</p>
</li>
<li>
<p>This question asking <a href="http://security.stackexchange.com/questions/5126/whats-the-difference-between-ssl-tls-and-https">what is the difference between TLS and SSL?</a>
explains that TLS is a newer version of SSL and should be used because
SSL through version 3.0 is insecure.</p>
</li>
<li>
<p>If you're having users submit sensitive information to your site you need
to use SSL/TLS. Anything before TLS is now insecure. Check out this
<a href="http://wingolog.org/archives/2014/10/17/ffs-ssl">handy guide</a> that goes
over some of the nuances of the subject.</p>
</li>
<li>
<p><a href="https://hynek.me/talks/tls/">The Sorry State of SSL</a> details the
history and evolution of SSL/TLS. There are important differences between
the versions and Hynek explains why TLS should always be used. The
talk prompted work to improve Python's SSL in 2.7.9 based on the upgrades
in Python 3 outlined in
<a href="https://developer.rackspace.com/blog/the-not-so-sorry-state-of-ssl-in-python/">The not-so-sorry state of SSL in Python</a>.</p>
</li>
<li>
<p><a href="http://blog.hartleybrody.com/https-certificates/">How HTTPS Secures Connections</a>
is a guide for what HTTPS does and does not secure against.</p>
</li>
<li>
<p><a href="http://erik.io/blog/2013/06/08/a-basic-guide-to-when-and-how-to-deploy-https/">When and How to Deploy HTTPS</a></p>
</li>
<li>
<p><a href="http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html">The first few milliseconds of an HTTPS connection</a>
provides a detailed look at the SSL handshake process that is implemented
by browsers based on the <a href="http://tools.ietf.org/html/rfc2818">RFC 2818</a>
specification.</p>
</li>
<li>
<p><a href="https://www.ssllabs.com/ssltest/">Qualy SSL Server Test</a> can be used to
determine what's in place and what is missing for your server's HTTPS
connection. Once you run the test read this article on
<a href="https://sethvargo.com/getting-an-a-plus-on-qualys-ssl-labs-tester/">Getting an A+ on Qualy's SSL Labs Tester</a>
to improve your situation.</p>
</li>
</ul>
<h2>General security resources</h2>
<ul>
<li>
<p>The Open Web Application Security Project (OWASP) has
<a href="https://www.owasp.org/index.php/Cheat_Sheets">cheat sheets for security</a>
topics.</p>
</li>
<li>
<p>This page contains a
<a href="http://dfir.org/?q=node/8/">fantastic currated list of security reading material</a>
from beginning to advanced topics.</p>
</li>
<li>
<p>The <a href="http://www.reddit.com/r/netsec/">/r/netsec</a> subreddit is one place to
go to learn more about network and application security.</p>
</li>
<li>
<p><a href="http://gexos.github.io/Hacking-Tools-Repository/">Hacking Tools Repository</a>
is a great list of password cracking, scanning, sniffing and other security
penetration testing tools.</p>
</li>
<li>
<p><a href="http://www.andrewault.net/2010/05/17/securing-an-ubuntu-server/">Securing an Ubuntu Server</a></p>
</li>
<li>
<p><a href="http://joshrendek.com/2013/01/securing-ubuntu/">Securing Ubuntu</a></p>
</li>
<li>
<p><a href="http://httpd.apache.org/docs/current/misc/security_tips.html">Security Tips from Apache</a></p>
</li>
<li>
<p><a href="http://spenserj.com/blog/2013/07/15/securing-a-linux-server/">Securing a Linux Server</a></p>
</li>
<li>
<p>The EFF has a well written overview on
<a href="https://www.eff.org/deeplinks/2014/11/what-makes-good-security-audit">what makes a good security audit</a>. It's broad but contains some of their behind the
scenes thinking on important considerations with security audits.</p>
</li>
<li>
<p><a href="http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/">Securing Your Website</a></p>
</li>
<li>
<p><a href="https://www.crypto101.io/">Crypto 101</a> is an introductory course on
cryptography for programmers.</p>
</li>
<li>
<p><a href="http://getprismatic.com/story/1409447605839">An in-depth analysis of SSH attacks on Amazon EC2</a>
shows how important it is to secure your web servers, especially when they are
hosted in IP address ranges that are commonly scanned by malicious actors.</p>
</li>
</ul>
<h2>Web security learning checklist</h2>
<p><i class="fa fa-check-square-o"></i>
Read and understand the major web application security flaws that are
commonly exploited by malicious actors. These include cross-site request
forgery (CSRF), cross-site scripting (XSS), SQL injection and session
hijacking. The
<a href="https://www.owasp.org/index.php/Top_10_2013-Top_10">OWASP top 10 web application vulnerabilities list</a>
is a great place to get an overview of these topics.</p>
<p><i class="fa fa-check-square-o"></i>
Determine how the framework you've chosen mitigates these vulnerabilities.</p>
<p><i class="fa fa-check-square-o"></i>
Ensure your code implements the mitigation techniques for your framework. </p>
<p><i class="fa fa-check-square-o"></i>
Think like an attacker and actively work to break into your own system. If
you do not have enough experience to confidently break the security consider
hiring a known white hat attacker. Have her break the application's security,
report the easiest vulnerabilities to exploit in your app and help implement
protections against those weaknesses.</p>
<p><i class="fa fa-check-square-o"></i>
Recognize that no system is ever totally secure. However, the more popular
an application becomes the more attractive a target it is to attackers.
Reevaluate your web application security on a frequent basis.</p>
<h3>What topic do you want to learn about next?</h3>
<div class="row">
<div class="col-md-3">
<div class="well select-next">
<a href="/web-analytics.html" class="btn btn-success btn-full"><i class="fa fa-dashboard fa-2x"></i></a>
<p class="under-btn">
I want to learn more about the users of my app with analytics.
</p>
</div>
</div>
<div class="col-md-3">
<div class="well select-next">
<a href="/api-integration.html" class="btn btn-success btn-full"><i class="fa fa-link fa-inverse fa-2x"></i></a>
</a>
<p class="under-btn">
How do I integrate external APIs into my app?
</p>
</div>
</div>
<div class="col-md-3">
<div class="well select-next">
<a href="/logging.html" class="btn btn-success btn-full"><i class="fa fa-align-left fa-inverse fa-2x"></i></a>
<p class="under-btn">
How can I log events that occur while the app is running?
</p>
</div>
</div>
<div class="col-md-3">
<div class="well select-next">
<a href="/about-author.html" class="btn btn-success btn-full"><i class="fa fa-user fa-2x"></i></a>
<p class="under-btn">
Who created Full Stack Python?
</p>
</div>
</div>
</div> <style type="text/css">
#mc_embed_signup{background:#fff; clear:left; font:12px "Helvetica Neue",Arial,sans-serif; }
/* Add your own MailChimp form style overrides in your site stylesheet or in this style block.
We recommend moving this block and the preceding CSS link to the HEAD of your HTML file. */
</style>
<hr/>
<div id="mc_embed_signup">
<form action="http://mattmakai.us2.list-manage.com/subscribe/post?u=b7e774f0c4f05dcebbfee183d&id=b22335388d" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" novalidate>
<h4>Interested in a complete Full Stack Python book with detailed tutorials and example code? Sign up here and you'll get an alert email if a book is created. No other emails will be sent other than sign up confirmation.</h4>
<div class="row">
<div class="col-md-9">
<label for="mce-EMAIL">Email Address</label>
<input type="email" value="" name="EMAIL" class="required email form-control" id="mce-EMAIL">
</div>
<div class="col-md-3">
<input type="submit" value="Subscribe" name="subscribe" id="mc-embedded-subscribe" class="btn btn-success" style="margin-top: 20px;">
</div>
<div id="mce-responses" class="clear">
<div class="response" id="mce-error-response" style="display:none"></div>
<div class="response" id="mce-success-response" style="display:none"></div>
</div> <!-- real people should not fill this in and expect good things - do not remove this or risk form bot signups-->
<div style="position: absolute; left: -5000px;"><input type="text" name="b_b7e774f0c4f05dcebbfee183d_b22335388d" value=""></div>
</div>
</form>
</div>
<script type="text/javascript">
var fnames = new Array();var ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';
try {
var jqueryLoaded=jQuery;
jqueryLoaded=true;
} catch(err) {
var jqueryLoaded=false;
}
var head= document.getElementsByTagName('head')[0];
if (!jqueryLoaded) {
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = '//ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js';
head.appendChild(script);
if (script.readyState && script.onload!==null){
script.onreadystatechange= function () {
if (this.readyState == 'complete') mce_preload_check();
}
}
}
var err_style = '';
try{
err_style = mc_custom_error_style;
} catch(e){
err_style = '#mc_embed_signup input.mce_inline_error{border-color:#6B0505;} #mc_embed_signup div.mce_inline_error{margin: 0 0 1em 0; padding: 5px 10px; background-color:#6B0505; font-weight: bold; z-index: 1; color:#fff;}';
}
var head= document.getElementsByTagName('head')[0];
var style= document.createElement('style');
style.type= 'text/css';
if (style.styleSheet) {
style.styleSheet.cssText = err_style;
} else {
style.appendChild(document.createTextNode(err_style));
}
head.appendChild(style);
setTimeout('mce_preload_check();', 250);
var mce_preload_checks = 0;
function mce_preload_check(){
if (mce_preload_checks>40) return;
mce_preload_checks++;
try {
var jqueryLoaded=jQuery;
} catch(err) {
setTimeout('mce_preload_check();', 250);
return;
}
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = 'http://downloads.mailchimp.com/js/jquery.form-n-validate.js';
head.appendChild(script);
try {
var validatorLoaded=jQuery("#fake-form").validate({});
} catch(err) {
setTimeout('mce_preload_check();', 250);
return;
}
mce_init_form();
}
function mce_init_form(){
jQuery(document).ready( function($) {
var options = { errorClass: 'mce_inline_error', errorElement: 'div', onkeyup: function(){}, onfocusout:function(){}, onblur:function(){} };
var mce_validator = $("#mc-embedded-subscribe-form").validate(options);
$("#mc-embedded-subscribe-form").unbind('submit');//remove the validator so we can get into beforeSubmit on the ajaxform, which then calls the validator
options = { url: 'http://mattmakai.us2.list-manage.com/subscribe/post-json?u=b7e774f0c4f05dcebbfee183d&id=b22335388d&c=?', type: 'GET', dataType: 'json', contentType: "application/json; charset=utf-8",
beforeSubmit: function(){
$('#mce_tmp_error_msg').remove();
$('.datefield','#mc_embed_signup').each(
function(){
var txt = 'filled';
var fields = new Array();
var i = 0;
$(':text', this).each(
function(){
fields[i] = this;
i++;
});
$(':hidden', this).each(
function(){
var bday = false;
if (fields.length == 2){
bday = true;
fields[2] = {'value':1970};//trick birthdays into having years
}
if ( fields[0].value=='MM' && fields[1].value=='DD' && (fields[2].value=='YYYY' || (bday && fields[2].value==1970) ) ){
this.value = '';
} else if ( fields[0].value=='' && fields[1].value=='' && (fields[2].value=='' || (bday && fields[2].value==1970) ) ){
this.value = '';
} else {
if (/\[day\]/.test(fields[0].name)){
this.value = fields[1].value+'/'+fields[0].value+'/'+fields[2].value;
} else {
this.value = fields[0].value+'/'+fields[1].value+'/'+fields[2].value;
}
}
});
});
$('.phonefield-us','#mc_embed_signup').each(
function(){
var fields = new Array();
var i = 0;
$(':text', this).each(
function(){
fields[i] = this;
i++;
});
$(':hidden', this).each(
function(){
if ( fields[0].value.length != 3 || fields[1].value.length!=3 || fields[2].value.length!=4 ){
this.value = '';
} else {
this.value = 'filled';
}
});
});
return mce_validator.form();
},
success: mce_success_cb
};
$('#mc-embedded-subscribe-form').ajaxForm(options);
});
}
function mce_success_cb(resp){
$('#mce-success-response').hide();
$('#mce-error-response').hide();
if (resp.result=="success"){
$('#mce-'+resp.result+'-response').show();
$('#mce-'+resp.result+'-response').html(resp.msg);
$('#mc-embedded-subscribe-form').each(function(){
this.reset();
});
} else {
var index = -1;
var msg;
try {
var parts = resp.msg.split(' - ',2);
if (parts[1]==undefined){
msg = resp.msg;
} else {
i = parseInt(parts[0]);
if (i.toString() == parts[0]){
index = parts[0];
msg = parts[1];
} else {
index = -1;
msg = resp.msg;
}
}
} catch(e){
index = -1;
msg = resp.msg;
}
try{
if (index== -1){
$('#mce-'+resp.result+'-response').show();
$('#mce-'+resp.result+'-response').html(msg);
} else {
err_id = 'mce_tmp_error_msg';
html = '<div id="'+err_id+'" style="'+err_style+'"> '+msg+'</div>';
var input_id = '#mc_embed_signup';
var f = $(input_id);
if (ftypes[index]=='address'){
input_id = '#mce-'+fnames[index]+'-addr1';
f = $(input_id).parent().parent().get(0);
} else if (ftypes[index]=='date'){
input_id = '#mce-'+fnames[index]+'-month';
f = $(input_id).parent().parent().get(0);
} else {
input_id = '#mce-'+fnames[index];
f = $().parent(input_id).get(0);
}
if (f){
$(f).append(html);
$(input_id).focus();
} else {
$('#mce-'+resp.result+'-response').show();
$('#mce-'+resp.result+'-response').html(msg);
}
}
} catch(e){
$('#mce-'+resp.result+'-response').show();
$('#mce-'+resp.result+'-response').html(msg);
}
}
}
</script>
<!--End mc_embed_signup--> </div>
<div class="col-md-offset-1 col-md-3" id="sidebar">
<div class="panel panel-success">
<div class="panel-heading"><h3 class="panel-head">Web Application Security</h3></div>
<div class="panel-body">
<a href="/">Full Stack Python</a> is an open book that explains
each Python web application stack layer and provides the
best web resources for those topics.
<hr/>
There's a work-in-progress
<a href="/full-stack-python-map.pdf">subjects map (.pdf)</a>
that visually lays out each chapter in addition to the table of
contents found below.
<hr/>
Need more detailed tutorials and walkthroughs than what is
presented here?
<a href="/email.html">Sign up for an email alert when that content is created.</a>
<hr/>
<a href="http://twitter.com/mattmakai">Matt Makai</a> built
this site with assistance from community pull requests. On GitHub
you can <a href="https://github.com/makaimc">follow Matt</a>
to see the daily changes.
</div>
</div>
<div class="panel panel-success">
<div class="panel-heading">
<h3 class="panel-head">Table of Contents</h3>
</div>
<div class="list-group">
<a href="/introduction.html" class="list-group-item smaller-item ">Introduction</a>
<a href="/web-frameworks.html" class="list-group-item smaller-item ">Web Frameworks</a>
<a href="/django.html" class="list-group-item smaller-item ">Django</a>
<a href="/flask.html" class="list-group-item smaller-item ">Flask</a>
<a href="/bottle.html" class="list-group-item smaller-item ">Bottle</a>
<a href="/morepath.html" class="list-group-item smaller-item ">Morepath</a>
<a href="/other-web-frameworks.html" class="list-group-item smaller-item ">Other Web Frameworks</a>
<a href="/deployment.html" class="list-group-item smaller-item ">Deployment</a>
<a href="/servers.html" class="list-group-item smaller-item ">Servers</a>
<a href="/platform-as-a-service.html" class="list-group-item smaller-item ">Platform-as-a-service</a>
<a href="/operating-systems.html" class="list-group-item smaller-item ">Operating Systems</a>
<a href="/web-servers.html" class="list-group-item smaller-item ">Web Servers</a>
<a href="/wsgi-servers.html" class="list-group-item smaller-item ">WSGI Servers</a>
<a href="/source-control.html" class="list-group-item smaller-item ">Source Control</a>
<a href="/application-dependencies.html" class="list-group-item smaller-item ">Application Dependencies</a>
<a href="/databases.html" class="list-group-item smaller-item ">Databases</a>
<a href="/no-sql-datastore.html" class="list-group-item smaller-item ">NoSQL Data Stores</a>
<a href="/web-design.html" class="list-group-item smaller-item ">Web Design</a>
<a href="/cascading-style-sheets.html" class="list-group-item smaller-item ">Cascading Style Sheets</a>
<a href="/javascript.html" class="list-group-item smaller-item ">JavaScript</a>
<a href="/continuous-integration.html" class="list-group-item smaller-item ">Continuous Integration</a>
<a href="/code-metrics.html" class="list-group-item smaller-item ">Code Metrics</a>
<a href="/configuration-management.html" class="list-group-item smaller-item ">Configuration Management</a>
<a href="/static-content.html" class="list-group-item smaller-item ">Static Content</a>
<a href="/caching.html" class="list-group-item smaller-item ">Caching</a>
<a href="/task-queues.html" class="list-group-item smaller-item ">Task Queues</a>
<a href="/application-programming-interfaces.html" class="list-group-item smaller-item ">Application Programming Interfaces</a>
<a href="/api-integration.html" class="list-group-item smaller-item ">API Integration</a>
<a href="/api-creation.html" class="list-group-item smaller-item ">API Creation</a>
<a href="/logging.html" class="list-group-item smaller-item ">Logging</a>
<a href="/monitoring.html" class="list-group-item smaller-item ">Monitoring</a>
<a href="/web-analytics.html" class="list-group-item smaller-item ">Web Analytics</a>
<a href="/web-application-security.html" class="list-group-item smaller-item active">Web Application Security</a>
<a href="/best-python-resources.html" class="list-group-item smaller-item ">Best Python Resources</a>
<a href="/development-environments.html" class="list-group-item smaller-item ">Development Environments</a>
<a href="/about-author.html" class="list-group-item smaller-item ">About the Author</a>
<a href="/change-log.html" class="list-group-item smaller-item ">Change Log</a>
<a href="/future-directions.html" class="list-group-item smaller-item ">Future Directions</a>
<a href="/what-full-stack-means.html" class="list-group-item smaller-item ">What "Full Stack" Means</a>
<a href="/why-use-python.html" class="list-group-item smaller-item ">Why Use Python?</a>
<a href="/websockets.html" class="list-group-item smaller-item ">WebSockets</a>
<a href="/docker.html" class="list-group-item smaller-item ">Docker</a>
</div>
</div>
</div></div>
<hr/>
<div class="footer pull-right">
<a href="http://www.mattmakai.com/" class="underline">Matt Makai</a>
2014
</div>
</div>
<script type="text/javascript">
setTimeout(function(){var a=document.createElement("script");
var b=document.getElementsByTagName("script")[0];
a.src=document.location.protocol+"//dnn506yrbagrg.cloudfront.net/pages/scripts/0016/5846.js?"+Math.floor(new Date().getTime()/3600000);
a.async=true;a.type="text/javascript";b.parentNode.insertBefore(a,b)}, 1);
</script></body>
</html>