Python Snippet #01
This challenge covers the review of a snippet of code written in Python.
In this lab, we explore a Python snippet used to manage payments, highlighting the importance of secure coding practices. The scenario involves two servers: an online store and a payment gateway. To ensure the payment details are not tampered with, the store signs the request using a secret key. However, the method used for signing, a plain hashlib SHA-256 digest over the secret and the request, is vulnerable to length extension attacks, allowing malicious users to alter payment amounts.
The correct approach would be to use HMAC (Hash-based Message Authentication Code) with SHA-256, which is designed to prevent such vulnerabilities. The lab demonstrates how seemingly secure implementations can be flawed and emphasizes the need for robust cryptographic practices in web applications.
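The flawed construction and its HMAC replacement side by side, as an added example written for this page (not the lab's own snippet). The secret, the request encoding and the order values are constructed placeholders; the lab does not give its real format.

```python
import hashlib
import hmac

# Constructed placeholder; the real secret is shared only between the store
# and the gateway and never appears in the request.
SECRET = b"example-shared-secret"


def build_request(amount: str, order_id: str) -> bytes:
    """Constructed request encoding for this example (the lab's format is not given)."""
    return f"order_id={order_id}&amount={amount}".encode()


def sign_vulnerable(secret: bytes, message: bytes) -> str:
    """The flawed pattern: a plain SHA-256 over secret || message.

    SHA-256 is a Merkle-Damgard hash, so the digest is the hash's internal
    state after the padded input. That is what makes the tag length-extendable:
    the secret is not needed to continue hashing from a known tag.
    """
    return hashlib.sha256(secret + message).hexdigest()


def verify_vulnerable(secret: bytes, message: bytes, tag: str) -> bool:
    # A plain string comparison also leaks timing information; shown here only
    # as the 'before' state, not something to copy.
    return sign_vulnerable(secret, message) == tag


def sign_hmac(secret: bytes, message: bytes) -> str:
    """The fix: HMAC-SHA256. The nested keyed construction is not
    length-extendable, so appending data to the request invalidates the tag."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_hmac(secret: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison so the gateway does not reveal how many
    leading characters of a guessed tag were correct."""
    expected = sign_hmac(secret, message)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    request = build_request("10.00", "ORDER-1")
    tag = sign_hmac(SECRET, request)
    print("valid request accepted:", verify_hmac(SECRET, request, tag))
    tampered = request + b"&amount=1.00"
    print("tampered request accepted:", verify_hmac(SECRET, tampered, tag))
```

Only the gateway's verification logic needs to change for the fix to take effect: `verify_hmac` recomputes the tag from the received bytes and the shared secret, so any change to the amount or an appended parameter produces a mismatch.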