YoVDO

Is Your Code Tainted? Finding Security Vulnerabilities Using Taint Tracking

Offered By: EuroPython Conference via YouTube

Course Description

Overview

Discover how to identify security vulnerabilities using taint tracking in this 27-minute conference talk from EuroPython 2018. Learn about the concept of "tainted" data from untrusted sources and how it can reach vulnerable parts of your code. Explore the principles of taint tracking analysis, including sources, sinks, and sanitizers. Watch a live demonstration of finding a cross-site scripting (XSS) vulnerability in a Django app using code analysis tools. Gain insights into writing safer code by thinking in terms of "taint," even without access to sophisticated analysis tools. Understand various security issues like code injection and SQL injection that can be detected through this technique. The talk covers introductory concepts, practical demonstrations, and advanced topics such as flow analysis and taint checking, providing a comprehensive overview of taint tracking for improved code security.

Syllabus

Intro
What is taint
What does taint mean
Sources
Injection
Sanitisation
Code Injection
Other security checks
Demonstration
Flow analysis
Taint checking


Taught by

EuroPython Conference
