Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Python

Secure Python URL validation

Everything on the internet has a Uniform Resource Locator (URL) that uniquely identifies it — allowing Internet users to gain access to files and other media. For instance, this article has a unique URL that helps search engine optimization (SEO) crawlers index it for users to find. The first definition of the URL syntax is in the 1994 Request for Comments (RFC) 1738. Since then, the structure of URLs has gone through many revisions to improve their security.

Implementing TLS/SSL in Python

Nowadays, we do virtually everything online: book flights, pay for goods, transfer bank funds, message friends, store documents, and so on. Many things we do require giving out sensitive information like our credit card details and banking information. If a website uses an unsecured network, a malicious hacker can easily steal user information. This is why encryption is so important.

Improving code quality with linting in Python

Python is a growing language. As it evolves and expands, so do the number of tools and development strategies available for working with it. One process that’s become increasingly popular is linting — or checking code for potential problems. With linting, errors in our code will be flagged so we can correct unusual programming practices that might result in problems. Linting is performed while the source code is written and before it’s compiled.

Phony PyPi package imitates known developer

Snyk Security Researchers have been using dynamic analysis techniques to unravel the behaviors of obfuscated malicious packages. A recent interesting finding in the Python Package Index (PyPi) attempted to imitate a known open source developer through identity spoofing. Upon further analysis, the team uncovered that the package, raw-tool, was attempting to hide malicious behavior using base64 encoding, reaching out to malicious servers, and executing obfuscated code.

The dangers of assert in Python

There are many ways to find bugs in Python code: the built-in debugger (pdb), a healthy amount of unit tests, a debugger in an IDE like Pycharm or Visual Studio, try/catch statements, if/else statements, assert statements, or the tried and true practice of covering every inch of your codebase in print() statements like it’s going out of style. Assert statements can help us catch bugs quickly and are far less intrusive than copious amounts of print statements.

How to build a secure WebSocket server in Python

Typically, when a web app needs something from an external server, the client sends a request to that server, the server responds, and the connection is subsequently closed. Consider a web app that shows stock prices. The client must repeatedly request updated prices from the server to provide the latest prices.

Detecting Poisoned Python Packages: CTX and PHPass

The software supply chain remains a weak link for an attacker to exploit and gain access to an organization. According to a report in 2021, supply chain attacks increased by 650%, and some of the attacks have received a lot of limelight, such as SUNBURST in 2020 and Dependency Confusion in 2021.

Under the C: A glance at C/C++ vulnerabilities in Python land

While most developers — myself included — primarily write in higher-level languages like Python or JavaScript, sometimes you need to add in native elements to improve performance or other project aspects. Since these native extension invocations are typically written in C or C++, suddenly a project primarily using JavaScript or Python must also account for potential C/C++ transient dependencies.

Generating fake security data with Python and faker-security

Snyk recently open sourced our faker-security Python package to help anyone working with security data. In this blog post, we’ll briefly go over what this Python package is and how to use it. But first, we’ll get some context for how the factory_boy Python package can be used in combination with faker-security to improve your test-writing experience during development. Note: Some knowledge of Python is helpful for getting the most out of this post.

The ultimate guide to Python pickle

During application development, we often need to persist complex data (like objects) for use in different runtimes. However, maintaining persistence within complex data structures and objects is far from straightforward. In Python, you can use the built-in pickle library to handle this process. Pickle can serialize a Python object into a flat byte stream (pickling) as well as transform a byte stream back into a Python object (unpickling).