I am on a little bit of a journey inside my company to promote Streamlit as a data analytics tool, as it has been very useful for the analysts on my team (myself included).
One of the arguments that will have some weight on my superiors' decision to adopt or not adopt Streamlit as a corporate tool will be the matter of cybersecurity.
So one of the cybersecurity experts of my company had some sort of software scan my application on Streamlit Community Cloud and these vulnerabilities popped up, according to them:
He said these vulnerabilities allow for the loss of the admin user of the platform, and allow for the insertion of data by non-authorized personnel.
As a Data Science guy, I don’t know much about cybersecurity, but if someone could please give me some counterarguments to give to my superiors related to the cybersecurity expert's assessment, I’d be grateful.
I would also like to know if these same vulnerabilities would still exist if I deployed my Streamlit app to a private cloud like Microsoft Azure.