secure code

A 7-post collection

Writing a Secure Encrypted Chat in Python

When using a stream cipher to pass encrypted messages to each other, there are some potential traps we should look out for. Let's explore them and then move on to a demo chat application. Key Storage: The first question is where to store the key. Modern (mobile) platforms provide secure key storage as part of the operating system; desktop and server OSes still don't. These are the requirements we need to consider: It should be easy to change keys periodically. It should be


How To: Encrypt Large Files with Python and PyNacl

One limitation of pynacl's concise API is its lack of support for buffered reading. When it comes to large files we can't always load all the data into memory in one chunk. This is how I dealt with the problem in a recent project. The Mechanism: pynacl can encrypt and authenticate short blocks (<=16 KB is the recommended size). With larger files we'll want to read the file in chunks, encrypt and authenticate each using pynacl's SecretBox, and then HMAC the entire encrypted data. These are


A Developer's Guide To Working With PayPal

PayPal provides two main options for integrating with your online store. In this short guide I'll describe both and show how and when to use each. How It Works: Payment providers typically offer two options for integrating with online stores. The first is an on-demand payment page, after which the provider notifies the store via IPN when the purchase is completed. The second uses the API to create a specific payment page per request. With the API a store can query PayPal for


How Safe Is This Code?

A recent code example I found online got me thinking about how explicit our security procedures should be, or in other words whether one should still apply security best practices even when the framework performs these checks automatically. Below you'll find the example and my reasoning. As always, I'd love to hear your opinion too. The Code: This time we're dealing with Ruby, and the following snippet shows how to handle a file upload in Sinatra: post '/save_image' do @filename = params[:file][:filename] file = params[


My Top 6 Common Weaknesses Every Programmer Should Know By Heart

Common Weakness Enumeration, or CWE for short, lists about 700 common mistakes developers make while writing code. Remembering or even reading the entire list can be a challenge. But there are some recurring ideas that, because of their massive potential impact, are important to know (and tell your friends) about. Injections: The first is of course injection, which in its many forms has caused chaos throughout the industry. Not long ago the entire internet was vulnerable to CWE-89 - SQL Injection. Today CWE-79
