Python Snippet #01

This challenge covers the review of a snippet of code written in Python

PRO
Tier
Easy
< 1 Hr.
1302

Course


In this lab, we explore a Python snippet used to manage payments, highlighting the importance of secure coding practices. The scenario involves two servers: an online store and a payment gateway. To ensure the payment details are not tampered with, the store signs the request using a secret key. However, the method used for signing—hashlib’s SHA-256—is vulnerable to length extension attacks, allowing malicious users to alter payment amounts.

The correct approach would be to use HMAC (Hash-based Message Authentication Code) with SHA-256, which is designed to prevent such vulnerabilities. The lab demonstrates how seemingly secure implementations can be flawed and emphasizes the need for robust cryptographic practices in web applications.

Want to learn more? Get started with PentesterLab Pro! GO PRO