Learn how to defend your Python code against security flaws using the open-source tool Bandit. Discover common vulnerabilities such as command injection, SQLi, and insecure library usage. Customize Bandit for different workflows, create a Security CI pipeline, and extend its functionality. The course covers topics like command injection, user input, temporary paths, and secure development guidance. This course is suitable for Python developers looking to enhance the security of their code.
Overview
Syllabus
Intro
Bandit
Command Injection
User Input
Temp Paths
TLS
Weak cryptography
promiscuous file permissions
hardcoded credentials
tempfile
run bandit against ansible
ansible prompt
raw input
essential workflow
removing a bug
build a gate
Next steps
Metrics
Secure Development Guidance
Bandit Documentation
Questions
Taught by
Security BSides San Francisco
