✅ Phase 6: AI-Assisted Software Engineering Best Practices (Part 2)
As your projects become more real-world, security isn’t optional—and AI can help spot vulnerabilities before they become costly.
Update: I fat-fingered this one. It was supposed to go out on zerotobuilder.substack.com instead. Well, welcome to vibe coding 😅
We've spent the last few days learning how to design better software. Now it's time to make it safer. Security isn't just for big companies—it's something you should start thinking about even when you’re vibe-coding a hobby project.
Today’s focus:
How to handle secrets safely and validate user input using AI-assisted development.
🔐 What We’re Learning
✅ 1. Avoid Hardcoding Secrets
Don’t put your API keys or passwords directly in your code.
Instead:
- Store them in a .env file (which is git-ignored).
- Use python-dotenv to load them securely:
from dotenv import load_dotenv
import os

load_dotenv()  # reads KEY=value pairs from .env into the process environment
api_key = os.getenv("CLOUD_API_KEY")  # returns None if the variable is missing, so check it before use
🔒 AI Prompt:
“Replace all hardcoded credentials with environment variables using python-dotenv.”
✅ 2. Validate All Input
Whether it’s a user form or command-line input, never trust it blindly.
Use:
- Type checks (str.isdigit())
- Format checks (email, dates, etc.)
- AI-generated validation helpers
Example:
email = input("Enter your email: ")
# Basic format check; reject anything without both an "@" and a "."
if "@" not in email or "." not in email:
    print("Invalid email address.")
💬 AI Prompt:
“Add input validation to this function to prevent crashes or bad input.”
🔎 Security Code Review with Cursor
Here’s a powerful review sequence to drop into your AI assistant:
Initial Review
Act as a security engineer. Review this code for vulnerabilities like hardcoded secrets, input issues, and unsafe file handling.
Ask Follow-Ups
How do I safely read an API key from a .env file instead of hardcoding?
What’s the best way to validate this user input in Flask?
Refactor Prompt
Rewrite this code with your suggested security improvements.
🧪 Test Like a Hacker (Beginner Version)
- Try inputting "abc" into a field expecting a number.
- Leave input blank or add special characters.
- Use SQL-like strings: '; DROP TABLE users; --
Ask AI: “Help me simulate malicious input for this script and handle it safely.”
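As an added example (not code from the original post), here are stricter versions of the checks from section 2, fed the same hostile inputs listed above: a number field that rejects "abc" and blanks, an email check tighter than the "@" and "." test, and a parameterised sqlite query so the SQL-like string is stored as plain data instead of being executed. The function names, the users table and the sample inputs are all constructed for this example.

```python
import re
import sqlite3

# Constructed inputs mirroring the "Test Like a Hacker" list above.
HOSTILE_INPUTS = ["abc", "", "   ", "12abc", "'; DROP TABLE users; --", "42"]

# One name part, one "@", one domain part containing at least one "."; no whitespace.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_quantity(raw: str, lo: int = 1, hi: int = 1000):
    """Return an int in [lo, hi], or None for 'abc', blank, '12abc' or out-of-range values."""
    text = raw.strip()
    if not text.isdigit():          # type check: only unsigned digit strings pass
        return None
    value = int(text)
    if not lo <= value <= hi:       # range check: isdigit() alone would accept 99999999
        return None
    return value


def is_valid_email(raw: str) -> bool:
    """Format check: stricter than '"@" in email and "." in email', which accepts "@."."""
    text = raw.strip()
    return len(text) <= 254 and EMAIL_RE.fullmatch(text) is not None


def store_username_safely(conn: sqlite3.Connection, username: str) -> None:
    """Insert with a bound parameter; the driver never splices the text into the SQL."""
    conn.execute("INSERT INTO users (name) VALUES (?)", (username,))


def sql_string_demo() -> list:
    """Store the SQL-like test string and prove the table survived by reading it back."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    store_username_safely(conn, "'; DROP TABLE users; --")
    return [row[0] for row in conn.execute("SELECT name FROM users")]


if __name__ == "__main__":
    for raw in HOSTILE_INPUTS:
        print(f"{raw!r:28} quantity={parse_quantity(raw)!s:5} email={is_valid_email(raw)}")
    print("rows after hostile insert:", sql_string_demo())
```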
✨ Vibe Code Prompt
Review this script for security flaws like hardcoded secrets and unsafe input. Recommend beginner-friendly improvements.
Try this on any script from the past week. You'll be surprised what it finds.
💡 Today’s Takeaway
“Security is like brushing your teeth. Do a little every day before it becomes a painful problem.”
Even at the beginner stage, these habits matter. And your AI assistant is the perfect sidekick to catch what you might miss.