Python Security Tool

Speaker

Terri Oda

Material

• video

Detecting Known Vulnerability

• CVE: database with known software vulnerability
• Tools
  • safety
    • Free db: update monthly
    • Paid db: update realtime
  • pipenv check
• Safety vs Pipenv: Which one is better?
  • Neither! They use the same database

Code Quality

• pylint
  • Security Value: Low
• bandit
  • Goal: find security issues
  • Security Value: High
  • Sometimes you don't want to fix all your Bandit warnings
  • Use them as a way to focus code review instead

Code Quality - some anti-patterns

• What Errors Are Included in the Top 25 Software Errors?

Use these tools

1. CI
2. During code review
3. Before release

How do I secure python?

• Check for known vulnerabilities
  • safety check or pipenv check
• Check for code quality
  • pylint for basic linting
  • bandit for security linting
  • other static analysis for more
• Review secure coding guidelines for python to improve code reviews

Share on: Twitter ❄ Facebook ❄ Email

---