Secure Coding Guidelines — Python

A. Hammoudeh, Mohammad Ali; Ibrahim, Renad; Alshraryan, Lama; Alnomise, Manar; Alhumidan, Ragad

doi:10.22042/isecure.2021.13.3.0

Secure Coding Guidelines — Python

Document Type : Research Article

Authors

Mohammad Ali A. Hammoudeh

Renad Ibrahim

Lama Alshraryan

Manar Alnomise

Ragad Alhumidan

Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.

https://doi.org/10.22042/isecure.2021.13.3.0

Abstract

Recently, the interest in cybercrime and cybersecurity has increased dramatically both in terms of critical security issues and national economic information infrastructure and sensitive dealing policies, such as protection and data privacy. Moreover, the growing threat of cybersecurity has prompted the kingdom to pay more attention to its national cybersecurity strategy as the state embarks on a Vision 2030 plan, which aims to diversify the economy and create new jobs. Therefore, Any Computer system is always having security threats which are considered as a big problem and this including application Codes as increasing demand. The paper aims to give a detailed information about secure coding with Python and present security guidelines and considerations in different disciplines. It focuses on giving an overview of the authentication methods used in application (Code) and show program security mistakes to introduce vulnerabilities (Ex. SQL Injection). We review
the new user authentication techniques, making it easier for the manager to choose the appropriate techniques for his organization by understanding the way it works, advantages, and disadvantages. The administrator can integrate
these mechanisms in a manner that is appropriate for his security plan. This will be useful for programmers and users to keep their codes and applications more secure and viable for usage in sensitive environments.

Keywords

Cybersecurity

Secure Coding Practices

Coding Guidelines

Vulnerabilities

OWSAP

Python Challenges

SQL Injection

20.1001.1.20082045.2021.13.3.4.1

[1] Amir A Khwaja, Muniba Murtaza, and Hafiz F Ahmed. A security feature framework for programming languages to minimize application layer vulnerabilities. Security and Privacy, 3(1):e95, 2020.
[2] Eva Hariyanti, Arif Djunaidy, and Daniel Siahaan. Information security vulnerability prediction based on business process model using machine learning approach. Computers & Security, 110:102422, 2021.
[3] Gleidson Sobreira Leite and Adriano Bessa Albuquerque. An approach for reduce vulnerabilities in web information systems. In Proceedings of the Computational Methods in Systems and Software, pages 86–99. Springer, 2018.
[4] Top Computer Languages. Statisticstimes.com, 2021. Accessed 18 February 2022.
[5] F Al-sharif. Cybersecurity awareness: A challenge for saudi arabia. Arab News, 2018.
[6] Positive Technologies. Web applications vulnerabilities and threats: statistics for 2019. ptsecurity, 2020. Accessed 18 February 2022.
[7] PS Seemma, S Nandhini, and M Sowmiya. Overview of cyber security. International Journal of Advanced Research in Computer and Communication Engineering, 7(11):125–128, 2018.
[8] Tiago Espinha Gasiba and Ulrike Lechner. Raising secure coding awareness for software developers in the industry. In 2019 IEEE 27th International Requirements Engineering Conference Workshops (REW), pages 141–143. IEEE, 2019.
[9] Executive Summary. What is python?, 2021. Accessed 18 February 2022.
[10] Ossama B Al-Khurafi and Mohammad A AlAhmad. Survey of web application vulnerability attacks. In 2015 4th International Conference on Advanced Computer Science Applications and Technologies (ACSAT), pages 154–158. IEEE,
2015.
[11] Vuyolwethu Mdunyelwa, Lynn Futcher, and Johan van Niekerk. An educational intervention for teaching secure coding practices. In IFIP World Conference on Information Security Education, pages 3–15. Springer, 2019.
[12] Stefan Micheelsen and Bruno Thalmann. A static analysis tool for detecting security vulnerabilities in python web applications, 2016.
[13] R Abirami, DC Joy Winnie Wise, R Jeeva, and S Sanjay. Detecting security vulnerabilities in website using python. In 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC), pages 844–846. IEEE, 2020.
[14] Arafa Anis, Mohammad Zulkernine, Shahrear Iqbal, Clifford Liem, and Catherine Chambers. Securing web applications with secure coding practices and integrity verification. In 2018 IEEE 16th Intl Conf on Dependable, Autonomic
and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, pages 618–625. IEEE, 2018.
[15] R Abirami, DC Joy Winnie Wise, R Jeeva, and S Sanjay. Detecting security vulnerabilities in website using python. In 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC), pages 844–846. IEEE, 2020.
[16] Asish Kumar Dalai and Sanjay Kumar Jena. Neutralizing sql injection attack using server side code modification in web applications. Security and Communication Networks, 2017, 2017.
[17] Bhawana Gautam, Jyotiraditya Tripathi, and Satwinder Singh. A secure coding approach for prevention of sql injection attacks. International Journal of Applied Engineering Research, 13(11):9874–9880, 2018.
[18] Na Meng, Stefan Nagy, Danfeng Yao, Wenjie Zhuang, and Gustavo Arango Argoty. Secure coding practices in java: Challenges and vulnerabilities. In Proceedings of the 40th International Conference on Software Engineering, pages 372–
383, 2018.
[19] Sazzadur Rahaman, Na Meng, and Danfeng Yao. Tutorial: Principles and practices of secure crypto coding in java. In 2018 IEEE Cybersecurity Development (SecDev), pages 122–123. IEEE, 2018.
[20] Yuriy Brun, Tian Lin, Jessie Elise Somerville, Elisha Myers, and Natalie C Ebner. Blindspots in python and java apis result in vulnerable code. arXiv preprint arXiv:2103.06091, 2021.
[21] contrast security. contrast labs application security intelligence bimonthly report, 2021. Accessed 18 February 2022.
[22] D. S. Bekerman, Yerushalmi. The state of vulnerabilities in 2019. medium, 2020. Accessed 18 February 2022.
[23] Django Djangoproject. [23] the web framework for perfectionists with deadlines, 2021. Accessed 18 February 2022.