
Master secure coding and design practices to build code resistant to hacking and data leaks, guided by Saltzer and Schroeder, with focus on code-level security for web 2.0 and 3.0.
Learn the economy of design principle, emphasizing minimal, modular mechanisms and trusted algorithms to reduce complexity, verify correctness, and minimize security risks at system edges.
Implement complete mediation by routing all access requests through a trusted module, enforcing authorization and validation for every resource, complementing failsafe defaults and preventing direct access.
Explore the work factor principle by comparing attacker resources to security costs, calculate brute-force implications for passwords, and guide design decisions to reduce breach risk.
Discover secure design principles in Python, including economy of mechanism, failsafe defaults, complete mediation, least privilege, separation of privilege, least common mechanism, psychological acceptability, work factor, and compromise recording.
Improve password validation by enforcing length and character rules—at least eight characters, one uppercase, one lowercase, and one special character—using regex, then proceed with authentication to deter brute force.
Adopt secure configuration by avoiding default or weak settings and disabling unnecessary services. Enforce secure permissions and use https to protect data from unauthorized access.
Learn how to replace MD5 with bcrypt for password hashing in Python, generate a salt, store the salt with the hash, and strengthen the protection of user credentials.
Implement comprehensive, structured logging for fund transfers by recording action, sender, recipient, amount, and timestamps to improve monitoring, analysis, and incident response while avoiding sensitive data.
This lecture highlights why server side request validations are essential to protect user data, prevent SQL injection and XSS, and enforce robust input validation, data sanitization, and file upload checks.
Demonstrates how sql injection can exploit a python login application programming interface by concatenating email and password in a query. Shows how to fix it with parameterized queries using placeholders.
Maintain a secure application by enforcing secure session management, protecting configuration files, encrypting sensitive values, avoiding hardcoded secrets, and applying security patches while validating text-to-code conversions.
Implement a secure software development life cycle that embeds security from compliance and risk assessment through architecture review, design, secure coding, automated and manual static analysis, and ongoing vulnerability checks.
Leverage both manual review and automated static analysis to detect bugs, security vulnerabilities, and technical debt, using tools like SonarQube and AI-assisted code corrections.
Fix vulnerabilities in python code after analysis, implement secure coding practices, and re-run analysis to verify remediation, while improving design guided by SonarCube and SonarLint.
Secure coding is a way of writing computer programs that makes them less vulnerable to security threats like hacking and viruses or data leaks.
When we write software, we want to make sure it is built in a way that keeps it safe from the attackers who might want to break in and do real bad things, like steal information or cause damage to the application or data.
One of the rough truth is that new vulnerabilities are constantly being discovered, which can compromise the security of software systems. This means that even if a software application was secure at one point in time, it may become vulnerable to attack as new weaknesses are identified and exploited by attackers.
What is the way to achieve this?
The answer is we have to follow certain guidelines and best practices at every stage of development that help us identify and address potential security risks. By doing this, we can better protect sensitive data and prevent unauthorised access or manipulation of the software by attackers.Also, focussing on applications security and updating the application time to time as per the updating security standards.
It's essential to prioritise secure coding practices because most businesses today rely on software to run their operations. Software can either be custom-made specifically for the business or purchased from other companies. Building software can be a time-consuming and costly process, but unfortunately, the security of the software often doesn't receive enough attention
It is not part of day to day programming by developers. There are a few challenges that architects and developers face to achieve code security:
Lack of knowledge:
Many new developers may not have a comprehensive understanding of secure coding practices and may not be aware of the potential vulnerabilities in their code.
Limited resources:
Small teams or individual developers may not have the resources to implement complex security measures or to conduct thorough testing of their code.
Time constraints: Developers may be under pressure to deliver code quickly, which can lead to shortcuts being taken and security being overlooked.
Evolving threats:
The security landscape is constantly changing, and new threats can emerge quickly. Developers need to stay up-to-date with the latest threats and vulnerabilities to ensure that their code remains secure.
Compatibility issues:
Secure coding can sometimes conflict with other requirements, such as compatibility with legacy systems or third-party software, which can make it difficult to implement.
These are the challenges faced during the development. The best solution to this is to know the security practices prior to start a new development so that they can be taken in consideration from the very start.This means making sure that all developers understand the basics of secure coding practices and that security is considered throughout the development process Developers should educate themselves on secure coding practices and keep themselves updated with new security vulnerabilities and their solutions.
TOC :
1. OnBoarding
2. Introduction of Secure Coding
3. Secure Design
4. Understanding the RISKS
5. Security Management
6. Summary
7. Appendix