This content originally appeared on DEV Community and was authored by Gage Morrow
How I Built a Secure Stock Trading Simulator with Flask and Python
Hey everyone! I’m Gage, a developer and cybersecurity enthusiast. I’ve been working on a project that combines my passions for programming and security: a Stock-Trading-Simulator.
My goal was to create a web application that not only mimics a banking and stock trading platform but also prioritizes robust security from the ground up. This was a great opportunity to apply industry-standard security practices and build something I could be proud of.
Key Features & The “Why” Behind Them
I focused on three main areas to make this project both useful and educational.
Secure User Management
User security was my top priority. I wanted to move beyond basic password hashing and implement practices that are standard in the industry.
Flask-Bcrypt: I moved away from simpler hashing algorithms like SHA-256 and implemented Flask-Bcrypt. This extension wraps bcrypt, an adaptive, salted password-hashing algorithm: each password gets its own random salt, and a tunable work factor makes every brute-force guess far more expensive than with a fast general-purpose hash.
CSRF Protection: Using Flask-WTF, I added Cross-Site Request Forgery (CSRF) protection to all my forms. This is a crucial defense against malicious requests from other websites.
Dynamic Stock Market Simulation
To make the app feel alive, I needed real-time data.
APScheduler: I used this task-scheduling library to automatically update the simulated stock prices for popular companies (like AAPL, GOOG, MSFT) every 60 seconds. This creates a dynamic, fluctuating market that makes the trading experience more engaging.
Client-Side Updates: I used JavaScript to update the displayed stock prices and portfolio values without requiring a full page refresh, which provides a seamless user experience.
Defensive Security in Practice
I also focused on a few key server-side and deployment security measures:
I moved the SQLite database file to a non-web-accessible directory. This prevents direct public access to sensitive user data, which is a simple but critical security measure.
The repository includes a DEPLOYMENT.md guide that details how to set up a firewall (UFW) to limit incoming connections, significantly reducing the network attack surface.
Technologies Used
Backend: Python, Flask, Flask-SQLAlchemy, APScheduler, Flask-Bcrypt, Flask-WTF
Frontend: HTML, CSS, JavaScript
Database: SQLite
I’m really proud of this project and the security concepts I was able to implement. It’s been a fantastic journey, and I’m now looking forward to adding more features and refining the existing code.
If you’re interested in the code, or want to run the project yourself, all the instructions are on my GitHub page. You can clone the repository, install the dependencies, and run it locally.
Check out the code here: https://github.com/ghostface-security/Stock-Trading-Simulator
I’d love to hear your thoughts and feedback! What other security features would you add to a project like this?