Authenticated API with RBAC
Build a FastAPI app with JWT auth, role-based access control, password hashing, and security headers.
Master data hashing vs password hashing - hashlib, bcrypt, argon2, salting, timing attacks, constant-time comparison, and why MD5/SHA1 are broken for passwords.
Use Pydantic validators as security boundaries - prevent SQL injection, XSS, path traversal, SSRF, and file upload attacks through structural input validation in FastAPI.
Master stateless JWT authentication - token structure, signing algorithms, refresh token rotation, common pitfalls, and building production-grade FastAPI JWT middleware.
Master security engineering in Python - cryptographic hashing, JWT authentication, OAuth 2.0, input validation, SQL injection prevention, secrets management, and secure coding patterns that protect production systems from real-world attacks.
Implement OAuth 2.0 authorization code flow with PKCE, OpenID Connect ID tokens, Keycloak integration, and delegated authorization in FastAPI with authlib.
Solve 11 Python cryptographic hashing problems. Covers hashlib sha256, hmac digest, salted hashing. Hints and solutions.
Solve 11 Python input validation and sanitization problems. Covers input validation, whitelist validation, regex input. Hints and solutions.
Solve 11 Python JWT authentication problems (4 Easy, 4 Medium, 3 Hard). Practice JWT exercises, JSON Web Tokens, and JWT signing with hints, runnable code, and solutions.
Solve 11 Python OAuth 2 and OIDC problems. Covers OAuth2 practice, OAuth2 authorization, and PKCE in Python. Hints and solutions.
Solve 11 Python secrets management problems. Covers os.environ config, python-dotenv loading, and Vault secrets. Hints and solutions.
Solve 11 Python secure coding patterns problems. Covers secure coding, least privilege, fail-safe defaults. Hints and solutions.
Manage secrets securely with python-dotenv, Pydantic SecretStr, AWS Secrets Manager, HashiCorp Vault, git-secrets, and production credential rotation strategies.
Apply defense in depth, least privilege, CORS, rate limiting, CSP headers, dependency auditing with pip-audit, and static analysis with bandit to harden FastAPI applications.
Build a CLI tool that scans Python projects for common security vulnerabilities.
Prevent SQL injection through parameterized queries, SQLAlchemy best practices, ORM safety limits, raw SQL auditing, and defense against UNION, blind, and second-order injection.