Secure Coding mailing list archives

has anyone completed a python security code review


From: james.walden at gmail.com (James Walden)
Date: Tue, 6 Apr 2010 09:45:14 -0400

On Mon, Apr 5, 2010 at 12:08 PM, Matt Parsons <mparsons1980 at gmail.com> wrote:
> Has anyone completed a python security code review?  What would
> you look for besides inputs, outputs and dangerous functions?
> Do any of the commercial static code analysis vendors scan that
> code?  I would think not because python is not compiled at run
> time like the other languages that static analysis tools can
> scan.  Any help would be greatly appreciated.

Static analysis tools can and do scan dynamic languages like
python, PHP, and Javascript.  Fortify 360 v2.5 can scan Python.
There are also free tools for Python, like pylint, pychecker, and
pyflakes, but none of them is primarily focused on security.
OWASP's Python ESAPI is a good starting point to learn about
potential security flaws in Python.

James Walden
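To illustrate the point that a static analyser does not need compiled code to scan Python, here is a minimal AST-based checker for "dangerous function" call sites. It is an added example, not code from this thread or from any of the tools named above; the rule set, the messages and the sample snippet are this example's own.

```python
import ast

# Added example, not from the thread: a minimal AST-based checker that
# flags risky call sites in Python source without running the code.
# The rule set and messages are this example's own, not any tool's.
RISKY_CALLS = {
    "eval": "dynamic code evaluation",
    "exec": "dynamic code execution",
    "os.system": "shell command execution",
    "pickle.loads": "deserialisation of untrusted data",
    "yaml.load": "unsafe YAML load (prefer yaml.safe_load)",
}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def find_risky_calls(source):
    """Return sorted (lineno, callee, reason) tuples for `source`."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name in RISKY_CALLS:
            findings.append((node.lineno, name, RISKY_CALLS[name]))
        elif name and name.startswith("subprocess."):
            # shell=True hands the command string to the system shell
            for kw in node.keywords:
                if kw.arg == "shell" and getattr(kw.value, "value", None) is True:
                    findings.append((node.lineno, name, "subprocess with shell=True"))
    return sorted(findings)


# Constructed sample input mixing safe and risky calls.
SAMPLE = """import os, subprocess, yaml
cfg = yaml.safe_load(open('c.yml'))
raw = yaml.load(open('d.yml'))
subprocess.run(['ls', '-l'])
subprocess.run('ls ' + path, shell=True)
os.system('echo done')
"""
```

Running `find_risky_calls(SAMPLE)` reports lines 3, 5 and 6 and leaves the `safe_load` and list-form `subprocess.run` calls alone; a real tool adds data-flow tracking so that only calls reachable from untrusted input are reported.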