Strategies for security – Python
We have discussed quite a few vulnerabilities that exist in the core Python programming language, and also taken a look at some of the common security issues affecting Python web applications.
The time is ripe now to go through strategies: tips and techniques that a security architect can use so that their team can apply secure coding principles to mitigate security issues right from the stage of program design and development:
Reading input: While reading console input, prefer raw_input over input, as the former doesn't evaluate Python expressions but returns the input as a plain string. Any type conversions or validations should be done manually, and exceptions are thrown or errors returned if the types don't match. For reading passwords, use libraries such as getpass, and also perform validations on the returned data. Any evaluation of the data can be safely done once the validations succeed.
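The following is an added example, not code from the book, showing the pattern described above: read console input as a plain string, convert and validate it manually, and raise an exception when the type or value does not fit. It is written for Python 3, where the built-in input() already behaves like Python 2's raw_input() and returns a string rather than evaluating it. The names (parse_bounded_int, parse_username, check_password_policy, read_port, read_password, InputValidationError) are the example's own; the reader callable is injected as a parameter so the functions can be exercised with constructed strings instead of a live terminal.

```python
import getpass
import re


class InputValidationError(ValueError):
    """Raised when console input fails type conversion or validation."""


# Only ASCII digits: str.isdigit() and int() also accept Unicode digits
# such as Arabic-Indic numerals, which is usually not what a validator wants.
_INT_RE = re.compile(r"[+-]?[0-9]+")
# Example username policy (an assumption for this example): lowercase
# letter first, then letters, digits or underscore, 3 to 32 characters total.
_USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def parse_bounded_int(raw, lo, hi):
    """Convert a raw string to int and require lo <= value <= hi.

    The string is never evaluated; anything that is not a plain decimal
    integer is rejected before int() is called.
    """
    if not isinstance(raw, str):
        raise InputValidationError("expected a string, got %s" % type(raw).__name__)
    text = raw.strip()
    if not _INT_RE.fullmatch(text):
        raise InputValidationError("not a decimal integer: %r" % raw)
    value = int(text)
    if not lo <= value <= hi:
        raise InputValidationError("%d is outside [%d, %d]" % (value, lo, hi))
    return value


def parse_username(raw):
    """Return the username if it matches the policy, else raise."""
    if not isinstance(raw, str):
        raise InputValidationError("expected a string")
    text = raw.strip()
    if not _USERNAME_RE.fullmatch(text):
        raise InputValidationError("invalid username: %r" % raw)
    return text


def check_password_policy(secret):
    """Validate a password read via getpass; returns (ok, reason).

    Policy used here (an assumption for the example): at least 12
    characters, no control characters, at least three character classes.
    """
    if not isinstance(secret, str):
        return False, "expected a string"
    if len(secret) < 12:
        return False, "shorter than 12 characters"
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in secret):
        return False, "contains control characters"
    classes = sum([
        any(ch.islower() for ch in secret),
        any(ch.isupper() for ch in secret),
        any(ch.isdigit() for ch in secret),
        any(not ch.isalnum() for ch in secret),
    ])
    if classes < 3:
        return False, "needs at least three character classes"
    return True, ""


def read_port(prompt="port: ", reader=input):
    """Read a TCP port from the console; reader returns the raw string."""
    return parse_bounded_int(reader(prompt), 1, 65535)


def read_password(prompt="password: ", reader=getpass.getpass):
    """Read a password without echo and enforce the policy on the result."""
    secret = reader(prompt)
    ok, reason = check_password_policy(secret)
    if not ok:
        raise InputValidationError("password rejected: %s" % reason)
    return secret


if __name__ == "__main__":
    # Constructed sample inputs standing in for what a user would type.
    print(read_port(reader=lambda _p: " 8080 "))            # 8080
    print(parse_username(" alice_01 "))                     # alice_01
    print(read_password(reader=lambda _p: "Correct-Horse-42"))
    for bad in ("__import__('os')", "1e3", "70000", "0x1f"):
        try:
            parse_bounded_int(bad, 1, 65535)
        except InputValidationError as exc:
            print("rejected:", exc)
```

The validators accept only what the policy explicitly allows and return typed values, so later code works with an int or a checked string rather than a raw console line; the only way a value reaches any further processing is by passing a validator first.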
Evaluating expressions: As we've seen in our examples, eval always has...