Summary

In this chapter, we started by looking at the details of a system architecture that has information security built-in. We went on to define secure coding, and looked at the philosophies and principles behind the practice of secure coding.

We then studied the different types of security vulnerabilities encountered in software systems, such as buffer overflows, input validation issues, access control issues, cryptographic weaknesses, information leaks, insecure file operations, and so on.

We then went on to a detailed discussion of Python security issues with many examples. We looked in detail at reading and evaluating input, overflow errors, and serialization issues. We then looked at the common vulnerabilities in Python web application frameworks, using Flask as the web application server for illustration. We saw how one can exploit weaknesses in web application templates and perform attacks such as SSTI, XSS, and DoS. We also saw a few examples of how to mitigate these attacks.

We then went on to list specific techniques in Python for writing secure code. We looked in detail at managing cryptographic hashes of passwords and other sensitive data in code, and discussed a couple of examples of doing this the right way. We also noted the importance of keeping up with security news and projects, and of keeping systems updated with security patches.
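As an added illustration of the password-hashing point above (example code written for this summary, not taken from the chapter), the following shows the pattern the "right way" rests on: a per-password random salt, a deliberately slow key-derivation function (PBKDF2-HMAC-SHA256 from the standard library), a self-describing stored record, and a constant-time comparison on verification. The iteration count and record format are assumptions chosen for the example; the unsalted `weak_hash` is included only to show why two users with the same password must not end up with the same stored value.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256. Illustrative value (an assumption of
# this example, not a figure from the chapter); raise it as hardware improves.
ITERATIONS = 200_000
SALT_BYTES = 16
HASH_NAME = "sha256"


def weak_hash(password: str) -> str:
    """The pattern to avoid: a single fast, unsalted digest.

    Identical passwords produce identical output, so a leaked table can be
    attacked with precomputed digests and cracked one-for-many."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt=None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex.

    Storing the parameters next to the digest lets the work factor be raised
    later without invalidating existing records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac(
        HASH_NAME, password.encode("utf-8"), salt, ITERATIONS
    )
    return f"pbkdf2_{HASH_NAME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time.

    Malformed records are treated as a failed verification rather than
    raising, so a corrupt row cannot turn into an unhandled exception."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if not algo.startswith("pbkdf2_"):
            return False
        hash_name = algo.split("_", 1)[1]
        candidate = hashlib.pbkdf2_hmac(
            hash_name,
            password.encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
        )
        expected = bytes.fromhex(digest_hex)
    except (ValueError, TypeError):
        return False
    # hmac.compare_digest avoids leaking the position of the first mismatch
    # through timing differences.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample input for the demonstration.
    pw = "correct horse battery staple"
    print("unsalted, user A:", weak_hash(pw))
    print("unsalted, user B:", weak_hash(pw))  # identical -> problem
    rec_a = hash_password(pw)
    rec_b = hash_password(pw)
    print("salted, user A:  ", rec_a)
    print("salted, user B:  ", rec_b)          # differ -> good
    print("verify correct:  ", verify_password(pw, rec_a))
    print("verify wrong:    ", verify_password("wrong", rec_a))
```

Running the block prints the two unsalted digests side by side (identical) and the two salted records (different), then a successful and a failed verification. In a real application the record string is what goes into the user table; the plaintext password is never stored or logged.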

Finally, we summarized the top 10 secure coding strategies that a security architect can impart to their team in order to create secure code and systems.

In the next chapter, we take a look at one of the most interesting aspects of software engineering and design, namely that of Design Patterns.
