Secure Coding mailing list archives
has any one completed a python security code review`
From: james.walden at gmail.com (James Walden)
Date: Tue, 6 Apr 2010 09:45:14 -0400
On Mon, Apr 5, 2010 at 12:08 PM, Matt Parsons <mparsons1980 at gmail.com> wrote:
> Has anyone completed a Python security code review? What would you look for besides inputs, outputs and dangerous functions? Do any of the commercial static code analysis vendors scan that code? I would think not because Python is not compiled at run time like the other languages that static analysis tools can scan. Any help would be greatly appreciated.
Static analysis tools can and do scan dynamic languages like Python, PHP, and JavaScript. Fortify 360 v2.5 can scan Python. There are also free tools for Python, like pylint, pychecker, and pyflakes, but none of them is primarily focused on security. OWASP's Python ESAPI is a good starting point to learn about potential security flaws in Python.
James Walden
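Added example, not part of the message above and not code from any tool it names: a small reviewer's aid showing that Python source can be analysed statically by parsing it with the standard `ast` module, without running it. The rule set, the sample and the function names are assumptions made for this illustration; the checker resolves import aliases so that `p.loads` is reported as `pickle.loads`.

```python
import ast

# Constructed rule set for illustration; not taken from any tool named in the thread.
DANGEROUS = {
    "eval": "evaluates a string as code",
    "exec": "executes a string as code",
    "os.system": "runs a command through the shell",
    "pickle.loads": "unpickling untrusted data can execute code",
}
SHELL_AWARE = {"subprocess.call", "subprocess.run", "subprocess.Popen"}

# Constructed sample under review; it is only parsed, never executed.
SAMPLE = '''\
import pickle as p
from os import system
import subprocess
def handler(blob, cmd, expr):
    obj = p.loads(blob)
    system(cmd)
    subprocess.run(cmd, shell=True)
    return eval(expr)
'''

def dotted_name(node, aliases):
    """Resolve a call target such as `p.loads` to `pickle.loads` using import aliases."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None  # target is a call result, subscript, etc.; not resolved here
    parts.append(aliases.get(node.id, node.id))
    return ".".join(reversed(parts))

def find_dangerous_calls(source):
    """Return sorted (line, qualified name, reason) findings for flagged calls."""
    tree, aliases, findings = ast.parse(source), {}, []
    for node in ast.walk(tree):  # pass 1: record what each imported name refers to
        if isinstance(node, ast.Import):
            aliases.update({a.asname: a.name for a in node.names if a.asname})
        elif isinstance(node, ast.ImportFrom) and node.module:
            aliases.update({a.asname or a.name: f"{node.module}.{a.name}" for a in node.names})
    for node in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):  # pass 2: call sites
        name = dotted_name(node.func, aliases)
        shell = name in SHELL_AWARE and any(
            kw.arg == "shell" and getattr(kw.value, "value", None) is True for kw in node.keywords)
        reason = DANGEROUS.get(name) or ("shell=True hands the command to a shell" if shell else None)
        if reason:
            findings.append((node.lineno, name, reason))
    return sorted(findings)
```

A finding here is a place for a reviewer to check where the argument comes from; the checker does no data-flow tracking and does not follow names rebound by assignment.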