Python application security auditing with bandit

Comments, chapters, ... Slides Search
Loading Click here to add:
Subscribe to notifications

When subscribed to notifications, an email will be sent to you for all added annotations.

Your user account has no email address.

Information on this media

29 views

While more and more code is written and connected on the internet, security have never been so important for software. However, security is often relegated as a 2nd thought and solution to scale it had to be found by the industry theses days. A proven strategy is to use automatic static code analysis, a technique applied by tools such as Coverty or Clang, and mostly used for C code.
But not all softwares are written in C, so this talk will present bandit, a tool to detect dangerous python code, and will explain the different types of flaws developers have to keep in mind when writing code, and why static code analysis is not a silver bullet, but just one of the numerous way we can improve security.

 

Mickael Scherer

coucou

 

Michael Scherer works on the Open Source and Standards team at Red hat, focusing on infrastructure issues. He lives in Paris, and he often speaks at events and gives tutorials to help open source communities.

https://sec2016.rmll.info

Creation date: July 6, 2016
Speakers: Mickael Scherer
Company: RMLL
License: CC BY SA v4
Links:

Other media in the channel "Sécurité"