13. Security Essentials

Question: Why is it dangerous to pickle untrusted data?

Answer: Unpickling data can execute arbitrary code, making it a major security vulnerability. An attacker can craft a malicious pickle payload that, when deserialized, can lead to remote code execution on the server. You should never unpickle data from an untrusted or unauthenticated source. Use safe serialization formats like JSON for data exchange.

Question: How can you manage application secrets securely?

Answer: Secrets should never be committed to source control. They should be managed via environment variables or, for more robust security, injected at runtime from a dedicated secret management service like HashiCorp Vault, AWS Secrets Manager, or GCP Secret Manager.

Question: How should you store passwords?

Answer: Never store plaintext passwords. Use slow, memory-hard password hashers like Argon2id or at least bcrypt with per-user salts.

Explanation: This mitigates offline cracking of a leaked database; use proven libraries rather than your own hashing code.

from passlib.hash import argon2

# Hash the password; the library generates a random per-user salt and embeds it in the result
hashed = argon2.hash("secret")
# Verify a candidate password against the stored hash; returns True only on a match
argon2.verify("secret", hashed)

Question: How do you prevent SSRF and ensure TLS is validated?

Answer: Enforce allowlists for outbound hosts, block link-local/reserved IPs, and require certificate verification with hostname checking.

Explanation: Avoid following redirects to private networks; set strict timeouts.