This task demonstrates a secure coding review of a Python login system.
We identify vulnerabilities in the insecure version and provide a secure implementation aligned with OWASP best practices.
- Review of insecure login system
- Identification of vulnerabilities:
  - Hardcoded credentials
  - Plaintext password comparison
  - Weak authentication controls
- Recommendations for secure coding
- Improved secure login system:
  - Password hashing with SHA-256
  - Environment variable for secret storage
  - Defensive programming practices
- Full professional report (SecureCodingReport.pdf)
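To make the review concrete, here is an added example (not the project's own secure_logincode.py) that places the insecure pattern the review flags, hardcoded credentials compared in plaintext, beside a hardened login check. The hardened version reads the admin secret from the ADMIN_PASSWORD environment variable as in the setup steps, keeps only a hash in memory, and compares in constant time. The choice of PBKDF2-HMAC-SHA256 with a random salt as the concrete way to apply SHA-256, the record format, and the failed-attempt lockout are assumptions made for this example, not details taken from the report.

```python
"""Added example: insecure login beside a hardened one.

Not the project's secure_logincode.py. Assumptions (not from the page):
the hash is PBKDF2-HMAC-SHA256 with a per-secret random salt, the stored
record format is 'sha256$<rounds>$<salt_hex>$<digest_hex>', and a small
failed-attempt counter stands in for "authentication controls".
"""
import hashlib
import hmac
import os
import secrets

# --- Insecure version (what the review flags) --------------------------
ADMIN_USER = "admin"
ADMIN_PASS = "admin123"  # hardcoded credential, ends up in source control


def insecure_login(username: str, password: str) -> bool:
    # Plaintext comparison of the secret; also short-circuits on the
    # username, so the two checks take observably different time.
    return username == ADMIN_USER and password == ADMIN_PASS


# --- Hardened version ----------------------------------------------------
PBKDF2_ROUNDS = 200_000      # assumed work factor
MAX_FAILED_ATTEMPTS = 5      # assumed lockout threshold


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing record so the verifier can recompute it."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    try:
        algo, rounds, salt_hex, digest_hex = stored.split("$")
        if algo != "sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(rounds))
    except ValueError:
        return False  # malformed record: fail closed rather than crash
    return hmac.compare_digest(candidate, expected)


class SecureLogin:
    def __init__(self, username: str, password_hash: str):
        self.username = username
        self.password_hash = password_hash
        self.failed = 0

    @classmethod
    def from_env(cls, var: str = "ADMIN_PASSWORD", environ=None):
        """Build the checker from the environment; refuse to start without a secret."""
        environ = os.environ if environ is None else environ
        secret = environ.get(var)
        if not secret:
            raise RuntimeError(f"{var} is not set; refusing to start")
        # Only the hash is kept; the plaintext is not stored on the object.
        return cls("admin", hash_password(secret))

    def login(self, username, password) -> bool:
        # Defensive checks: lockout first, then reject non-string input.
        if self.failed >= MAX_FAILED_ATTEMPTS:
            return False
        if not isinstance(username, str) or not isinstance(password, str):
            return False
        # Evaluate both checks unconditionally so a wrong username does not
        # return faster than a wrong password.
        user_ok = hmac.compare_digest(username.encode(), self.username.encode())
        pass_ok = verify_password(password, self.password_hash)
        if user_ok and pass_ok:
            self.failed = 0
            return True
        self.failed += 1
        return False


if __name__ == "__main__":
    # Constructed environment for a stand-alone run.
    checker = SecureLogin.from_env(environ={"ADMIN_PASSWORD": "StrongPassword123"})
    print("insecure, correct guess:", insecure_login("admin", "admin123"))
    print("secure, wrong password:", checker.login("admin", "guess"))
    print("secure, right password:", checker.login("admin", "StrongPassword123"))
```

The record format carries its own salt and round count, so the work factor can be raised later without breaking existing records, and `from_env` fails closed instead of falling back to a default password when the variable is missing.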
- Set environment variable for admin password:
  - Linux/Mac:
    export ADMIN_PASSWORD="StrongPassword123"
  - Windows PowerShell:
    $env:ADMIN_PASSWORD="StrongPassword123"
- Run the secure script:
    python secure_logincode.py