5. Security by Design: Prevention Over Reaction

Designing securely from the start costs less than patching later. Prevent issues before they reach users.

Example: Environment Configuration

# 5. Insecure: plaintext credentials
DB_PASSWORD = "root123"

# 5. Secure: environment variables
import os
DB_PASSWORD = os.getenv("DB_PASSWORD")
if not DB_PASSWORD:
    raise EnvironmentError("Missing DB_PASSWORD variable.")

Example: Validation Policy

# 5. Secure input early instead of patching later
def process_user(data):
    if not data.isascii() or len(data) > 100:
        raise ValueError("Invalid data.")
    # Continue processing safely

✅ Lesson: Security must be a requirement, not a patch.