When Bandit Strikes - Defend Your Python Code

Offered By: Security BSides San Francisco via YouTube

Course Description

Overview

Explore the world of Python code security in this 26-minute conference talk from BSidesSF 2017. Dive into Bandit, an open-source tool for discovering common security flaws in Python code. Learn how Bandit works, its origins in OpenStack, and its widespread adoption beyond. Discover how to customize Bandit for different workflows, create a Security CI pipeline, and extend its capabilities. Follow along as Travis McPeak, a core Bandit developer, guides you through detecting critical security issues like command injection, SQL injection, insecure temporary file usage, and more. Gain insights into essential workflows, bug removal, and building security gates. Explore topics such as user input handling, TLS implementation, weak cryptography, file permissions, and hardcoded credentials. Conclude with next steps, metrics, secure development guidance, and Bandit documentation to enhance your Python code security practices.

Syllabus

Intro
Bandit
Command Injection
User Input
Temp Paths
TLS
Weak Cryptography
Promiscuous File Permissions
Hardcoded Credentials
Tempfile
Run Bandit Against Ansible
Ansible Prompt
Raw Input
Essential Workflow
Removing a Bug
Build a Gate
Next steps
Metrics
Secure Development Guidance
Bandit Documentation
Questions

Taught by

Security BSides San Francisco
