Julien Delange • Tuesday, October 25, 2022
Python: random is not so random (CWE-330)
The random module does not produce too random values and should be often replaced by the secrets module.
Read more • 4 min. read
← All posts
Posts with "engineering"
Julien Delange • Sunday, October 23, 2022
How Codiga migrated from Intel to Graviton in AWS
Migrating from an Intel architecture to Graviton in AWS brings some cost benefits. We explained how we migrated all our infrastructure.
Read more • 9 min. read
Julien Delange • Thursday, October 20, 2022
Present SQL injection in Python (CWE-89)
SQL Injections is one of the most common vulnerability. Prevent SQL injections with code analysis in your IDE.
Read more • 5 min. read
Julien Delange • Wednesday, October 19, 2022
Python Jinja2: always autoescape to avoid XSS attacks
Not using autoescape in jinja2 makes your vulnerable to XSS attacks. Always use autoescape=True in your Jinja2 environment
Read more • 4 min. read
Julien Delange • Tuesday, October 18, 2022
Unsafe Deserialization in Python (CWE-502)
Unsafe deserialization can cause an attack and compromise your system. You need to check your Python code to make sure you avoid them.
Read more • 5 min. read
Julien Delange • Monday, October 17, 2022
SSL module in Python: stay secure!
The Python SSL module gives a false sense of security and must be used carefully.
Read more • 4 min. read
Julien Delange • Sunday, October 16, 2022
Secure Python Code: safe usage of the subprocess module
The subprocess Python module may introduce OS injection vulnerabilities, which is a serious security concern. Do not use shell=True or mitidate the issue by checking the function input.
Read more • 5 min. read
Julien Delange • Saturday, October 15, 2022
Safe and Secure Python Code: don’t use eval()
Using eval() in Python introduces security issues in your Python code. We present how to avoid and fix unsafe and insecure uses of eval()
Read more • 4 min. read