Improve the Security of Your Web App with These 7 Rules

Pavle Djuric
8 min read · Oct 31, 2021

Photo by FLY:D on Unsplash

Security issues are a major problem in the software industry. Every application has potential vulnerabilities, and sometimes security issues are hard to detect. However, sometimes applications have security issues that could have easily been avoided. Here are some tips that are not hard to implement, but will improve the security of your application significantly.

Some of the code examples in this article will use Python, but all of these principles are generally language agnostic.

  1. Avoid pseudo-random generators

A lot of applications have some sort of password or access key generation functionality. Most programming languages have a random library, which seems like the most logical solution for generating these random strings. The problem is that these random libraries are only pseudo-random: they do not produce truly random results, but deterministic ones that can be predicted if enough samples are collected.

Most experienced developers know this, but I have noticed that this occurs from time to time in production code, and it must be avoided at all costs.

Instead of using pseudo-random libraries, make sure to use libraries that implement actual randomness (most commonly by using entropy from the operating system or…
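The following is an added example, not code from the article: it sets a key generator built on Python's `random` module beside one built on `secrets`, and includes a small AST check that flags calls into `random` in a constructed sample of application code. The names `weak_key`, `strong_key`, `find_prng_calls` and `SAMPLE` are assumptions made for illustration.

```python
import ast
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def weak_key(rng, length=32):
    """Vulnerable pattern: key drawn from the deterministic Mersenne Twister."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_key(length=32):
    """Hardened form: secrets draws from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def find_prng_calls(source):
    """Return sorted (line, name) for each call into the `random` module,
    following `import random as x` and `from random import y`."""
    tree = ast.parse(source)
    mods, names = set(), set()
    for n in ast.walk(tree):
        if isinstance(n, ast.Import):
            mods |= {a.asname or a.name for a in n.names if a.name == "random"}
        elif isinstance(n, ast.ImportFrom) and n.module == "random":
            names |= {a.asname or a.name for a in n.names}
    hits = []
    for n in ast.walk(tree):
        f = getattr(n, "func", None) if isinstance(n, ast.Call) else None
        if isinstance(f, ast.Attribute) and getattr(f.value, "id", None) in mods:
            hits.append((n.lineno, f"{f.value.id}.{f.attr}"))
        elif isinstance(f, ast.Name) and f.id in names:
            hits.append((n.lineno, f.id))
    return sorted(hits)

# Constructed sample of application code to audit (not from the article).
SAMPLE = '''import random as rnd
from random import choice
import secrets
def api_key():
    return "".join(choice("0123456789abcdef") for _ in range(32))
def reset_code():
    return rnd.randint(100000, 999999)
def session_id():
    return secrets.token_urlsafe(32)
'''

if __name__ == "__main__":
    print(weak_key(random.Random(1234)) == weak_key(random.Random(1234)))  # same state, same key
    print(strong_key(), find_prng_calls(SAMPLE))
```

The check only follows direct imports of `random`; treat a clean result as a starting point for review, not proof that no PRNG output reaches a secret.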
