Security

Building Secure Python Applications: Best Practices

May 15, 2025 · 6 min read

Essential security practices every Python developer should implement.

Python · Security · Best Practices · Web Security

Introduction

Security should be a fundamental consideration in every Python application. In this article, I'll cover essential security practices that every Python developer should implement.

1. Input Validation and Sanitization

Always validate user input against an allowlist of what you expect (shape, character set, length) before it reaches a parser, a query or a template. Use re.fullmatch rather than re.match with ^...$: the $ anchor also matches just before a trailing newline, so "user@example.com\n" slips through a ^...$ pattern.

import re
from typing import Optional

EMAIL_RE = re.compile(r'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}')

def validate_email(email: str) -> Optional[str]:
    # fullmatch anchors both ends of the string, with no trailing-newline exception
    if EMAIL_RE.fullmatch(email):
        return email
    return None
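As an added example (not code from the original article), the allowlist approach generalised to several field types. The function names and the hypothetical port field are my own; the email pattern is the article's. The legacy_validate_email function reproduces the re.match/"$" version so the trailing-newline difference can be seen side by side, and the port validator shows why a regex is still needed before int(), which happily accepts "+80", " 80 " and "1_000".

```python
import re
from typing import Optional

# Precompiled once. fullmatch() anchors both ends, so "$" can never match
# before a trailing newline the way it does with re.match on "^...$".
EMAIL_RE = re.compile(r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}")
MAX_EMAIL_LEN = 254  # RFC 5321 limit on a forward path; also bounds regex work
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")  # allowlist: lowercase, digits, underscore
PORT_RE = re.compile(r"[0-9]{1,5}")


def validate_email(email: str) -> Optional[str]:
    """Return a normalised address or None.

    Length is checked before the regex runs so an oversized input cannot
    drive backtracking, and the result is lower-cased so the same mailbox
    cannot be registered twice with different casing.
    """
    if not isinstance(email, str) or len(email) > MAX_EMAIL_LEN:
        return None
    if not EMAIL_RE.fullmatch(email):
        return None
    return email.lower()


def legacy_validate_email(email: str) -> Optional[str]:
    """The re.match/"$" form, kept only to show what it lets through."""
    if re.match(r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$", email):
        return email
    return None


def validate_username(name: str) -> Optional[str]:
    """Accept only the allowlisted character set and length."""
    if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
        return None
    return name


def validate_port(value: str) -> Optional[int]:
    """Parse a decimal port. int() alone would accept '+80', ' 80 ' and '1_000';
    the regex rejects anything that is not 1-5 plain digits, then the range check
    rejects 0 and values above 65535 (hypothetical field, added for illustration)."""
    if not isinstance(value, str) or not PORT_RE.fullmatch(value):
        return None
    port = int(value)
    return port if 1 <= port <= 65535 else None
```

The pattern in every validator is the same: decide what is allowed, reject everything else, and only then hand the value to the next layer. Rejecting is safer than "sanitising" by stripping characters, which tends to produce a value that is still wrong but now harder to reason about.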

2. SQL Injection Prevention

Use parameterized queries to prevent SQL injection. The driver sends the SQL text and the values separately, so a value can never change the structure of the statement:

import sqlite3

def get_user(username: str):
    conn = sqlite3.connect('database.db')
    try:
        cursor = conn.cursor()

        # Vulnerable - DON'T DO THIS: the value is spliced into the SQL text,
        # so a username of   ' OR '1'='1   rewrites the WHERE clause
        # cursor.execute(f"SELECT * FROM users WHERE username = '{username}'")

        # Secure - USE THIS: the value is bound to the ? placeholder
        cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
        return cursor.fetchone()
    finally:
        conn.close()
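To see the difference rather than take it on faith, here is an added example (not from the original article) that runs both forms against an in-memory SQLite table with two constructed rows. It also covers two cases the ? placeholder alone does not solve: a LIKE pattern, where the user's % and _ must be escaped even though the value is bound, and an ORDER BY column, where the identifier cannot be bound at all and an allowlist is the only option. Table and function names are my own.

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, one of them privileged."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def get_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """String-built query, shown only to demonstrate the injection."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def get_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Parameterised: the value travels outside the SQL text."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def search_users_safe(conn: sqlite3.Connection, prefix: str) -> List[str]:
    """Prefix search. Binding stops SQL injection, but % and _ are still LIKE
    wildcards inside the bound value, so escape them and declare the escape char."""
    escaped = prefix.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' ORDER BY username"
    return [row[0] for row in conn.execute(sql, (escaped + "%",))]


SORTABLE_COLUMNS = {"username", "role"}


def list_users_sorted(conn: sqlite3.Connection, column: str) -> List[Tuple[str]]:
    """Identifiers cannot be bound as parameters; validate against an allowlist
    and only then interpolate the (now trusted) name."""
    if column not in SORTABLE_COLUMNS:
        raise ValueError(f"cannot sort by {column!r}")
    return conn.execute(f"SELECT username FROM users ORDER BY {column}").fetchall()
```

With the payload ' OR '1'='1 the vulnerable function returns every row, including the admin, while the safe one returns nothing because no user is literally named that. A prefix search for "%" returns nothing instead of every user, and sorting by a column that is not in the allowlist raises before any SQL is built.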

3. Secure Password Handling

Never store plaintext passwords. Store a salted, deliberately slow hash and let the library handle salt generation and comparison. Note that bcrypt only uses the first 72 bytes of the password; passlib truncates longer inputs silently unless you enable its truncate_error option, so cap the length at registration or pick a scheme without that limit:

from passlib.context import CryptContext

# deprecated="auto" marks any hash not produced by the current scheme (or with
# outdated parameters) as needing a rehash on the next successful login
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

def hash_password(password: str) -> str:
    return pwd_context.hash(password)   # generates a random salt per call

def verify_password(plain_password: str, hashed_password: str) -> bool:
    return pwd_context.verify(plain_password, hashed_password)
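What passlib does behind those two calls is worth seeing once. The following is an added example (not from the article, and not passlib's code) that implements the same contract with only the standard library: PBKDF2-HMAC-SHA256 with a random per-password salt, a self-describing stored format so the parameters can be upgraded later, a constant-time comparison, and a needs_rehash check that plays the role of deprecated="auto". The storage format and function names are my own; the 600,000 iteration default follows the OWASP password storage guidance for PBKDF2-HMAC-SHA256.

```python
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # OWASP recommendation for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'algorithm$iterations$salt$hash' with salt and hash base64-encoded.

    A fresh random salt per password means two users with the same password
    get different hashes, and precomputed tables are useless.
    """
    salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(derived).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters recorded in the stored string and compare
    in constant time. Any malformed stored value is simply a failed login."""
    try:
        algorithm, iterations_text, salt_b64, hash_b64 = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        iterations = int(iterations_text)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
    except (ValueError, TypeError):
        return False
    actual = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    # hmac.compare_digest does not short-circuit on the first differing byte
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str) -> bool:
    """True when the stored hash predates the current policy. Call this after a
    successful verify_password and re-hash while the plaintext is still in hand."""
    try:
        algorithm, iterations_text, _salt, _hash = stored.split("$")
        return algorithm != ALGORITHM or int(iterations_text) < ITERATIONS
    except ValueError:
        return True
```

The iteration count lives inside the stored string precisely so that raising ITERATIONS next year does not invalidate existing accounts: old hashes still verify with their recorded parameters, and needs_rehash tells the login path to upgrade them. In real code, prefer passlib, bcrypt or argon2-cffi over hand-rolling this; the point of the example is to show what those libraries have to get right.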

4. Environment Variables

Keep secrets out of source control: read them from the environment (or a .env file that is listed in .gitignore) and fail at startup if one is missing, rather than running with None. load_dotenv does not override variables that are already set in the process environment, so deployment settings take precedence over the file:

import os
from dotenv import load_dotenv

load_dotenv()  # populates os.environ from .env without overriding existing variables

SECRET_KEY = os.getenv('SECRET_KEY')
DATABASE_URL = os.getenv('DATABASE_URL')

# Fail fast: a missing secret must stop the app, not silently weaken it
if not SECRET_KEY or not DATABASE_URL:
    raise RuntimeError("SECRET_KEY and DATABASE_URL must be set in the environment")

5. Dependency Security

Regularly audit your dependencies against known-vulnerability databases, and run the check in CI so a newly published advisory fails the build. Safety is one option (recent releases of its CLI replace the check command with safety scan); pip-audit from the PyPA is another. Pin versions in a lock file and install with pip's --require-hashes so a tampered package cannot slip in under a pinned version number:

# Install safety
pip install safety

# Scan for vulnerabilities
safety check

6. HTTPS and Secure Headers

Always serve over HTTPS and set the browser security headers. Flask-Talisman redirects HTTP to HTTPS, sets Strict-Transport-Security, X-Content-Type-Options and X-Frame-Options, and applies a Content-Security-Policy that defaults to 'self'. Be careful with the CSP argument: passing None switches the policy off entirely, so give it an explicit policy instead:

# Flask example
from flask import Flask
from flask_talisman import Talisman

app = Flask(__name__)

# content_security_policy=None would disable CSP; start from a restrictive
# policy and loosen individual directives only where a page needs it
csp = {
    'default-src': "'self'",
    'object-src': "'none'",
}
Talisman(app, content_security_policy=csp)
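To make the behaviour concrete without depending on Flask, here is an added example (my own code, not Flask-Talisman's) of the same idea as a plain WSGI middleware: redirect HTTP to HTTPS, reject unexpected Host headers so the redirect cannot be pointed at an attacker's domain, and add a baseline set of security headers while letting the wrapped application override any single one. The hello_app, the header values and the example.test host are constructed for the demonstration; call_app is a tiny harness that drives the app offline.

```python
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Baseline headers. X-XSS-Protection is deliberately absent: the filter it
# controlled is deprecated and CSP covers the same ground.
SECURITY_HEADERS: List[Tuple[str, str]] = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; object-src 'none'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "DENY"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
]


class SecureHeadersMiddleware:
    """Force HTTPS and add security headers to every response.

    Headers the wrapped app already set are kept, so one view can relax a
    single directive (e.g. allow framing) without losing the rest.
    """

    def __init__(self, app: Callable, headers: Iterable[Tuple[str, str]] = SECURITY_HEADERS,
                 allowed_hosts: Optional[Iterable[str]] = None, force_https: bool = True):
        self.app = app
        self.headers = list(headers)
        self.allowed_hosts = set(allowed_hosts) if allowed_hosts else None
        self.force_https = force_https

    def __call__(self, environ: Dict, start_response: Callable) -> Iterable[bytes]:
        host = environ.get("HTTP_HOST", "")
        # An attacker-controlled Host would otherwise become the redirect target
        if self.allowed_hosts is not None and host not in self.allowed_hosts:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"bad host"]

        if self.force_https and environ.get("wsgi.url_scheme") != "https":
            # Browsers ignore HSTS received over plain HTTP, so redirect first;
            # the HTTPS response that follows will carry the header.
            location = "https://" + host + environ.get("PATH_INFO", "/")
            if environ.get("QUERY_STRING"):
                location += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def secured_start_response(status, response_headers, exc_info=None):
            present = {name.lower() for name, _ in response_headers}
            merged = list(response_headers) + [
                (name, value) for name, value in self.headers if name.lower() not in present
            ]
            return start_response(status, merged, exc_info)

        return self.app(environ, secured_start_response)


def hello_app(environ, start_response):
    """Constructed sample app; it sets its own X-Frame-Options to show override."""
    start_response("200 OK", [("Content-Type", "text/plain"), ("X-Frame-Options", "SAMEORIGIN")])
    return [b"hello"]


secure_app = SecureHeadersMiddleware(hello_app, allowed_hosts={"example.test"})


def make_environ(scheme: str, path: str, query: str = "", host: str = "example.test") -> Dict:
    """Minimal WSGI environ for offline testing."""
    return {"wsgi.url_scheme": scheme, "PATH_INFO": path, "QUERY_STRING": query, "HTTP_HOST": host}


def call_app(app: Callable, environ: Dict) -> Tuple[str, Dict[str, str], bytes]:
    """Drive a WSGI app and return (status, headers, body) without a server."""
    captured: Dict = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)
        return lambda data: None

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body
```

An HTTPS request to secure_app comes back with the full header set, with the app's SAMEORIGIN winning over the baseline DENY; a plain-HTTP request is answered with a 301 to the same path and query on https://, and a request carrying an unlisted Host is refused with 400 before any redirect is constructed.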

Conclusion

Security is an ongoing process. By implementing these practices and staying updated with security trends, you can build more secure Python applications.