Secure Coding mailing list archives
has any one completed a python security code review`
From: rgaucher at cigital.com (Romain Gaucher)
Date: Tue, 6 Apr 2010 06:09:35 -0400
I heard that the next version of Fortify (might even be released by now) supports Python.

Not sure I understand the rest of the email properly, but the duck typing isn't a huge problem for static analysis, and neither is the fact that it's compiled to bytecode before being executed by a VM...

Romain

________________________________
From: sc-l-bounces at securecoding.org [sc-l-bounces at securecoding.org] On Behalf Of Matt Parsons [mparsons1980 at gmail.com]
Sent: Monday, April 05, 2010 12:08 PM
To: SC-L at securecoding.org
Subject: [SC-L] has any one completed a python security code review`

Has anyone completed a python security code review? What would you look for besides inputs, outputs and dangerous functions? Do any of the commercial static code analysis vendors scan that code? I would think not because python is not compiled at run time like the other languages that static analysis tools can scan. Any help would be greatly appreciated.

Thanks,
Matt

Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
"Do Good and Fear No Man"
Fort Worth, Texas
A.K.A The Keyboard Cowboy
mailto:mparsons1980 at gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting
http://parsonsisconsulting.blogspot.com/
http://www.vimeo.com/8939668
Current thread:
- has any one completed a python security code review` Matt Parsons (Apr 05)
- has any one completed a python security code review` Romain Gaucher (Apr 06)
- has any one completed a python security code review` Paul Powenski (Apr 06)
- has any one completed a python security code review` James Walden (Apr 06)
- has any one completed a python security code review` Pascal Meunier (Apr 07)
- has any one completed a python security code review` Florian Weimer (Apr 22)
- <Possible follow-ups>
- has any one completed a python security code review` Peter G. Neumann (Apr 06)
- has any one completed a python security code review` Peter G. Neumann (Apr 08)