NO Complexity (@nocomplexity) 's Twitter Profile
NO Complexity

@nocomplexity

NoComplexity.com is all about solving Business IT related challenges for our clients, people and communities in a changing world.

ID: 3996294160

Link: https://nocomplexity.com
Date: 19-10-2015 18:11:31

360 Tweets

16 Followers

81 Following


Python does not implement privilege separation. Once an attacker is able to execute arbitrary Python code, the attacker gets the same privileges that are used to run the program. So use Python Code Audit - an advanced SAST tool nocomplexity.com/codeaudit/ #owasp #pycon #appsec


The random module in Python is not for security or cryptographic purposes, such as generating session tokens or passwords. Use the free SAST Tool: Python Code Audit github.com/nocomplexity/c… To check on use of the random module in code #pycon #owasp #random


Radical Open Innovation News: 
The #PyPSA meets Earth initiative works on open modelling. 
Check bm-support.org/roi-news-week4… 
for all innovation news bites.  
#cop30 #python #programming

PyPitfall: Dependency Chaos and Software Supply Chain Vulnerabilities in Python – A critical review Read nocomplexity.com/pypitfall/ #python #appsec #owasp


Radical Open #Innovation News: The Anti-Ownership Ebook Economy
A great read on how Publishers and #Platforms Have Reshaped the Way We Read in the Digital Age.
With solutions for getting control back.
Check bm-support.org/roi-news-week4… for all news bites.
#cop30


Secure Coding Guidelines: Check and use them all! - it's free - See nocomplexity.com/documents/secu… #python #rustprogramming #owasp


Is DySec the Future for securing the Python package repository?

Check: nocomplexity.com/dysec-pypi-sec…

#pycon #owasp #appsec

20% Effort, 80% Protection: The Lazy Python Developer’s Guide to Bulletproof Code medium.com/@maikelmardjan… #python #pydata #owasp


Every Python package that is able to dynamically load code is suspicious by default!
Use github.com/nocomplexity/c… 
to check what happens.  

#pycon #python #owasp #infosec #appsec #programming #sast

To mitigate potential security risks with a balanced budget, security threat modelling is critical.
Use the best (free) SAST for Python github.com/nocomplexity/c… 

#pydata #pycon #owasp

Never do: 

func_name = input("Enter function to run: ")
exec(f"{func_name}()")

Using `exec` in Python code is the fastest way to turn your Python script into a remote code execution vulnerability.
Read: nocomplexity.com/exec-in-python/

#pycon #appsec #owasp

Python function:

def dangerous_calculator(user_input):
    print(f"Entered: {user_input}")
    exec(user_input)

Someone will do:

dangerous_calculator("__import__('os').system('rm -rf /')")

Always check code with Python Code Audit! github.com/nocomplexity/c…

#pycon #appsec #infosec #risk


Should you use GitLab's Static application security testing (SAST) for Python?

Read: nocomplexity.substack.com/p/should-you-u…

Spoiler: No! 
Never trust, always verify so use the number one #FOSS SAST solution, Python Code Audit -  github.com/nocomplexity/c…

#pydata #pycon