Tag: python

All the articles with the tag "python".

• Dangerous Python Functions, Part 3

  Published:Jan 30, 2017 |  at 01:33 PM

  In the final part of my dangerous Python functions series, I cover more security risks including assert statements, XML parsing vulnerabilities, and unsafe input handling. Plus, I've turned the whole series into a deck of cards!

• DevOps from Scratch, Part 1: Vagrant & Ansible

  Published:Sep 19, 2016 |  at 12:32 PM

  Ever wondered how to build and deploy a web app from scratch? This is the first part of my 'DevOps from Scratch' series, where we'll get hands-on with Vagrant and Ansible to automate our local development setup for a Python web application.

• Answers to Django Security Questions

  Published:Oct 16, 2015 |  at 06:56 AM

  I found a list of Django security questions but couldn't find clear answers anywhere. So I dug in and wrote them myself, covering everything from CSRF and SQL injection to password hashing and mass assignment.

• Using Bandit in the Field

  Published:Sep 25, 2015 |  at 03:17 PM

  After talking about Bandit, I wanted to see how it actually performed in the real world. This post shares my experience using Bandit to find vulnerabilities in Python projects and practical tips for integrating it into your workflow.

• Finding Vulnerabilities with Bandit

  Published:Sep 24, 2015 |  at 03:37 PM

  Python's dynamic nature makes it hard to catch security vulnerabilities statically. Bandit scans your Python code for common security issues. Learn how to use it to find problems before they reach production.

• Dangerous Python Functions, Part 2

  Published:Aug 15, 2015 |  at 02:33 PM

  In part 2 of my dangerous Python functions series, I cover more risky functions like pickle.loads(), yaml.load(), and tempfile.mktemp(). These can lead to code execution, deserialization attacks, and race conditions.

• Dangerous Python Functions

  Published:Jul 26, 2015 |  at 02:33 PM

  Python's dynamic nature can lead to subtle bugs that are hard to catch. I've created a deck of cards highlighting dangerous Python functions like eval(), exec(), and input() that can cause security vulnerabilities or unexpected behavior.

• Python / Django Talks

  Published:Aug 18, 2014 |  at 07:51 PM

  I started listening to Python and Django conference talks on my commute instead of music, and it's been amazing. Here are my notes and takeaways from some of the most influential talks I've heard.

• Submitting a Patch to CPython

  Published:Aug 3, 2014 |  at 12:32 PM

  I submitted my first patch to CPython, Python's main implementation. The story of how I found a bug, worked with the core developers, and got my contribution accepted into the language.

• 7 Lessons Learned from Teaching My Brother to Program

  Published:Jun 10, 2014 |  at 12:32 PM

  I spent a year teaching my 18-year-old brother to program over weekend Skype calls. Here are the seven key lessons I learned about teaching programming to beginners, from choosing the right language to keeping motivation high.