Secure Coding mailing list archives

has any one completed a python security code review`


From: rgaucher at cigital.com (Romain Gaucher)
Date: Tue, 6 Apr 2010 06:09:35 -0400

I heard that the next version of Fortify (might even be released by now) supports Python. I'm not sure I properly understand the rest of the email, but duck typing isn't a huge problem for static analysis, and neither is the fact that it's compiled to bytecode before being executed by a VM...

Romain

________________________________
From: sc-l-bounces at securecoding.org [sc-l-bounces at securecoding.org] On Behalf Of Matt Parsons [mparsons1980 at gmail.com]
Sent: Monday, April 05, 2010 12:08 PM
To: SC-L at securecoding.org
Subject: [SC-L] has any one completed a python security code review`

Has anyone completed a Python security code review? What would you look for besides inputs, outputs and dangerous functions? Do any of the commercial static code analysis vendors scan that code? I would think not because Python is not compiled at run time like the other languages that static analysis tools can scan. Any help would be greatly appreciated.

Thanks,
Matt


Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
"Do Good and Fear No Man"
Fort Worth, Texas
A.K.A The Keyboard Cowboy
mailto:mparsons1980 at gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting
http://parsonsisconsulting.blogspot.com/
http://www.vimeo.com/8939668


