**Course Title:** Security Best Practices in Software Development **Section Title:** Common Vulnerabilities and Attacks **Topic:** Identify and Fix Vulnerabilities in a Provided Code Sample (Lab Topic) **Topic Overview:** In the previous topics, we explored common vulnerabilities and attacks that can compromise software security. In this lab topic, we'll put our knowledge into practice by identifying and fixing vulnerabilities in a provided code sample. This hands-on exercise will help you understand how to apply security principles to real-world coding scenarios. ### What to Expect In this lab, you'll work with a provided code sample that contains several vulnerabilities. You'll learn how to: 1. Identify potential security risks and vulnerabilities in the code 2. Analyze the code to understand the root causes of the vulnerabilities 3. Apply secure coding practices to fix the vulnerabilities 4. Verify the fixes to ensure the code is secure ### Provided Code Sample For this lab, we'll use a simple web application written in Python using the Flask framework. The code is intentionally vulnerable to demonstrate common security issues. Download the code sample from [GitHub Repository](https://github.com/username/security-lab-code-sample) **Code Sample Description:** The code sample is a simple login system that authenticates users using a username and password. The application uses a SQLite database to store user credentials. ### Identifying Vulnerabilities Let's start by reviewing the code sample and identifying potential security risks and vulnerabilities. **Step 1:** Review the code sample and identify any obvious security issues. * Look for any user input that is not validated or sanitized. * Check for any sensitive data, such as passwords, that are not properly stored or transmitted. * Identify any potential SQL injection vulnerabilities. **Code Review:** After reviewing the code, we've identified the following vulnerabilities: * **SQL Injection Vulnerability:** In the `login` function, the code uses string concatenation to build the SQL query, which makes it vulnerable to SQL injection attacks. * **Missing Input Validation:** The code does not validate or sanitize user input, which makes it vulnerable to cross-site scripting (XSS) attacks. * **Sensitive Data Exposure:** The code stores user passwords in plaintext, which is a major security risk. ### Fixing Vulnerabilities Now that we've identified the vulnerabilities, let's fix them. **Step 1:** Fix the SQL injection vulnerability by using parameterized queries. * Modify the `login` function to use parameterized queries instead of string concatenation. ```python from flask import g from flask_sqlalchemy import SQLAlchemy db = SQLAlchemy(app) class User(db.Model): id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(64), unique=True, nullable=False) password = db.Column(db.String(128), nullable=False) def login(username, password): user = User.query.filter_by(username=username).first() if user and user.password == password: return True return False ``` **Step 2:** Implement input validation and sanitization. * Modify the `login` function to validate and sanitize user input using Flask-WTF or a similar library. ```python from flask_wtf import FlaskForm from wtforms import StringField, PasswordField from wtforms.validators import DataRequired, Length class LoginForm(FlaskForm): username = StringField('Username', validators=[DataRequired(), Length(min=2, max=64)]) password = PasswordField('Password', validators=[DataRequired(), Length(min=8, max=128)]) def login(form): username = form.username.data password = form.password.data # rest of the code... ``` **Step 3:** Fix the sensitive data exposure by storing passwords securely. * Modify the code to store passwords securely using a library like Flask-Bcrypt or a similar library. ```python from flask_bcrypt import Bcrypt bcrypt = Bcrypt(app) def create_user(username, password): hashed_password = bcrypt.generate_password_hash(password).decode('utf-8') user = User(username=username, password=hashed_password) db.session.add(user) db.session.commit() def login(username, password): user = User.query.filter_by(username=username).first() if user and bcrypt.check_password_hash(user.password, password): return True return False ``` ### Verifying the Fixes Now that we've fixed the vulnerabilities, let's verify that the code is secure. **Step 1:** Test the login functionality to ensure it works as expected. **Step 2:** Attempt to inject malicious input to test the input validation and sanitization. **Step 3:** Verify that passwords are stored securely by checking the database. **Conclusion:** In this lab, we identified and fixed several vulnerabilities in a provided code sample. We applied secure coding practices to prevent SQL injection attacks, implemented input validation and sanitization, and stored passwords securely. **Key Takeaways:** * Always use parameterized queries to prevent SQL injection attacks. * Validate and sanitize user input to prevent XSS attacks. * Store sensitive data, such as passwords, securely using a library like Flask-Bcrypt. **Additional Resources:** * [OWASP SQL Injection Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) * [OWASP Cross-Site Scripting (XSS)](https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS).html) **Leave a comment or ask for help in the box below:** (Note: There are no other discussion boards. Leave your comment below)