Tag: security
All the articles with the tag "security".
Dangerous Python Functions, Part 3
Published: at 01:33 PM
In the final part of my dangerous Python functions series, I cover more security risks including assert statements, XML parsing vulnerabilities, and unsafe input handling. Plus, I've turned the whole series into a deck of cards!
Answers to Django Security Questions
Published: at 06:56 AM
I found a list of Django security questions but couldn't find clear answers anywhere. So I dug in and wrote them myself, covering everything from CSRF and SQL injection to password hashing and mass assignment.
Using Bandit in the Field
Published: at 03:17 PM
After talking about Bandit, I wanted to see how it actually performed in the real world. This post shares my experience using Bandit to find vulnerabilities in Python projects and practical tips for integrating it into your workflow.
Finding Vulnerabilities with Bandit
Published: at 03:37 PM
Python's dynamic nature makes it hard to catch security vulnerabilities statically. Bandit scans your Python code for common security issues. Learn how to use it to find problems before they reach production.
Dangerous Python Functions, Part 2
Published: at 02:33 PM
In part 2 of my dangerous Python functions series, I cover more risky functions like pickle.loads(), yaml.load(), and tempfile.mktemp(). These can lead to code execution, deserialization attacks, and race conditions.
Dangerous Python Functions
Published: at 02:33 PM
Python's dynamic nature can lead to subtle bugs that are hard to catch. I've created a deck of cards highlighting dangerous Python functions like eval(), exec(), and input() that can cause security vulnerabilities or unexpected behavior.
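The two "Dangerous Python Functions" summaries above name eval(), pickle.loads() and tempfile.mktemp(). The following is an added example, not code from the series or from the deck of cards, showing each of those three beside a safer replacement. The payload strings, the pickle gadget class and the environment-variable name are constructed for the demo and are deliberately harmless (they call os.getcwd() and os.getenv() rather than anything destructive); the Bandit check IDs in the comments are the real ones Bandit reports for these calls.

```python
"""Added example: eval(), pickle.loads() and tempfile.mktemp() next to safer forms."""
import ast
import io
import os
import pickle
import tempfile

# --- eval() vs ast.literal_eval() -------------------------------------------
# Constructed "config value" an attacker controls: valid Python, not a literal.
ATTACKER_EXPR = "__import__('os').getcwd()"
BENIGN_EXPR = "{'retries': 3, 'hosts': ['a', 'b']}"


def parse_unsafe(text: str):
    """Vulnerable: eval() runs arbitrary expressions, imports included (Bandit B307)."""
    return eval(text)  # harmless here only because the payload is os.getcwd()


def parse_safe(text: str):
    """Hardened: literal_eval accepts only Python literals and containers of them."""
    return ast.literal_eval(text)


def parse_safe_rejects(text: str) -> bool:
    """True if literal_eval refuses the input (calls, attribute access, names...)."""
    try:
        ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return True
    return False


# --- pickle.loads() vs an allow-listed Unpickler ----------------------------
class Payload:
    """Constructed gadget: __reduce__ makes unpickling call os.getenv(...)."""

    def __reduce__(self):
        # A real attacker would name os.system or subprocess.Popen here.
        return (os.getenv, ("DPF_DEMO_MARKER", "payload ran during unpickling"))


MALICIOUS_PICKLE = pickle.dumps(Payload())
BENIGN_PICKLE = pickle.dumps({"user": "alice", "roles": ["reader"]})


def load_unsafe(data: bytes):
    """Vulnerable: loads() imports and calls whatever the stream names (Bandit B301)."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened: resolve only an explicit allow-list of (module, name) globals.
    Plain dicts, lists, strings and numbers never go through find_class at all."""

    ALLOWED = {("builtins", "frozenset")}  # extend deliberately, never wildcard

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def load_safe(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_safe_rejects(data: bytes) -> bool:
    try:
        load_safe(data)
    except pickle.UnpicklingError:
        return True
    return False


# --- tempfile.mktemp() vs tempfile.mkstemp() --------------------------------
def write_unsafe(content: str) -> bool:
    """Vulnerable: mktemp() only returns a name (Bandit B306). Between that call
    and open(), another local user can plant the path (simulated in-process);
    open(..., "w") then silently writes into the attacker's file."""
    path = tempfile.mktemp()
    with open(path, "w") as planted:  # simulated attacker wins the race
        planted.write("attacker-owned file")
    with open(path, "w") as f:  # victim never notices
        f.write(content)
    clobbered = open(path).read() == content
    os.unlink(path)
    return clobbered


def write_safe(content: str) -> str:
    """Hardened: mkstemp() creates the file atomically (O_EXCL, mode 0600) and
    returns an open descriptor, so there is no name-to-open window to race."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as f:
        f.write(content)
    with open(path) as f:
        read_back = f.read()
    os.unlink(path)
    return read_back
```

The allow-listed Unpickler stops the classic gadget (a GLOBAL opcode naming os.system or subprocess) but is still not a reason to accept pickle from untrusted parties; for data you do not control, a format with no code-loading semantics such as JSON is the better fix.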