Contribute Media
A thank you to everyone who has made this possible: Read More

Python application security auditing with bandit

Description

While more and more code is written and connected on the internet, security has never been so important for software. However, security is often relegated as a 2nd thought and solution to scale it had to be found by the industry theses days.

A proven strategy is to use automatic static code analysis, a technique applied by tools such as Coverty or Clang, and mostly used for C code.

But not all software is written in C, so this talk will present bandit, a tool to detect dangerous python code, and will explain the different types of flaws developers have to keep in mind when writing code, and why static code analysis is not a silver bullet, but just one of the numerous way we can improve security.

Details

Improve this page