Python application security auditing with bandit

Keyboard shortcuts

Key

Action

K or space

Play / Pause

Mute / Unmute

Select next subtitles

Select next audio track

Show slide in full page or toggle automatic source change

left arrow

Seek 5s backward

right arrow

Seek 5s forward

shift + left arrow or J

Seek 10s backward

shift + right arrow or L

Seek 10s forward

control + left arrow

Seek 60s backward

control + right arrow

Seek 60s forward

shift + down arrow

Decrease volume

shift + up arrow

Increase volume

shift + coma

Decrease playback speed

shift + dot or shift + semicolon

Increase playback speed

end

Seek to end

beginning

Seek to beginning

Loading Click here to add:

Information on this media

Creation date:

July 6th, 2016, 10 a.m.

Add date:

August 6th, 2016, 11:54 p.m.

Number of views:

Speaker:

Mickael Scherer

Company:

RMLL

License:

CC BY SA v4

Visibility:

This media is published

Description

While more and more code is written and connected on the internet, security have never been so important for software. However, security is often relegated as a 2nd thought and solution to scale it had to be found by the industry theses days. A proven strategy is to use automatic static code analysis, a technique applied by tools such as Coverty or Clang, and mostly used for C code.
But not all softwares are written in C, so this talk will present bandit, a tool to detect dangerous python code, and will explain the different types of flaws developers have to keep in mind when writing code, and why static code analysis is not a silver bullet, but just one of the numerous way we can improve security.

Mickael Scherer

coucou

Michael Scherer works on the Open Source and Standards team at Red hat, focusing on infrastructure issues. He lives in Paris, and he often speaks at events and gives tutorials to help open source communities.

https://sec2016.rmll.info