Secure Coding mailing list archives
has any one completed a python security code review`
From: ppowenski at yahoo.com (Paul Powenski)
Date: Tue, 6 Apr 2010 04:58:25 -0700 (PDT)
Matt,

I have not seen any materials referencing Python nor does Fortify, I believe, perform scans on it. But looking at the Python package on my Windows box it looks like the Python compiler has C as its interface to the system. Obtaining the C code then running a scan against it should at least provide some insight into possible Python issues.

Regards,
Paul

--- On Mon, 4/5/10, Matt Parsons <mparsons1980 at gmail.com> wrote:

From: Matt Parsons <mparsons1980 at gmail.com>
Subject: [SC-L] has any one completed a python security code review`
To: SC-L at securecoding.org
Date: Monday, April 5, 2010, 5:08 PM

Has anyone completed a python security code review? What would you look for besides inputs, outputs and dangerous functions? Do any of the commercial static code analysis vendors scan that code? I would think not because python is not compiled at run time like the other languages that static analysis tools can scan. Any help would be greatly appreciated.

Thanks,
Matt

Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
"Do Good and Fear No Man"
Fort Worth, Texas
A.K.A The Keyboard Cowboy
mailto:mparsons1980 at gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting
http://parsonsisconsulting.blogspot.com/
http://www.vimeo.com/8939668
Current thread:
- has any one completed a python security code review` Matt Parsons (Apr 05)
- has any one completed a python security code review` Romain Gaucher (Apr 06)
- has any one completed a python security code review` Paul Powenski (Apr 06)
- has any one completed a python security code review` James Walden (Apr 06)
- has any one completed a python security code review` Pascal Meunier (Apr 07)
- has any one completed a python security code review` Florian Weimer (Apr 22)
- <Possible follow-ups>
- has any one completed a python security code review` Peter G. Neumann (Apr 06)
- has any one completed a python security code review` Peter G. Neumann (Apr 08)