Looking at the CERT Secure Standards (Example: https://www.securecoding.cert.org), there are specific standards, with great examples of what good and bad code looks like, for C, C++, Java, even Perl, but not Python. Are there any Python-specific standards or guidelines, preferably with examples available?
http://www.pythonsecurity.org/ appears to be focused on security concerns in Python itself and on building an alternative Python binary to resolve these. A noble, but not recently active, cause. I'm looking for something that gives guidance to developers on what not to do and what to do instead.
Seeing as a lot of people are recommending formatting guidelines (PEP8), I have one that is actually for security.
There is a project in OpenStack (a very big Python-based platform) called Bandit. It is a security lint tool.
https://github.com/openstack/bandit
You can run this tool against your own code, or if you wish to learn the inners of secure Python coding, then take a look at the examples directory.
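To show the kind of check a security lint tool performs, here is an added example that is not part of the original answer and is not Bandit's code: a small AST walker that flags a few well-known risky Python calls. The rule table, function names and sample source are assumptions constructed for illustration.

```python
import ast

# Constructed sample of risky code; it is only parsed here, never executed.
SAMPLE = '''
import pickle, subprocess

def run(user_arg, blob, text):
    subprocess.call("ls " + user_arg, shell=True)
    subprocess.call(["ls", "--", user_arg])
    obj = pickle.loads(blob)
    return eval(text)
'''

# Hypothetical rule table (not Bandit's): dotted call name -> advice.
RISKY_CALLS = {
    "eval": "use ast.literal_eval for literals",
    "os.system": "use subprocess with an argument list",
    "pickle.load": "do not unpickle untrusted data",
    "pickle.loads": "do not unpickle untrusted data",
}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else '<dynamic>'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return "<dynamic>"
    return ".".join(reversed(parts + [node.id]))

def scan(source):
    """Return sorted (line, call, advice) findings for Python source text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        if name in RISKY_CALLS:
            findings.append((node.lineno, name, RISKY_CALLS[name]))
        # shell=True hands the command string to a shell (injection risk).
        for kw in node.keywords:
            if kw.arg == "shell" and getattr(kw.value, "value", None) is True:
                findings.append((node.lineno, name, "pass an argument list, no shell"))
    return sorted(findings)

if __name__ == "__main__":
    for line, call, advice in scan(SAMPLE):
        print(f"line {line}: {call}: {advice}")
```

Name-based matching like this misses aliased imports such as `from pickle import loads`, which is one reason to rely on a maintained linter rather than a hand-rolled script.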
One place to look at a secure coding standard is
https://vulncat.fortify.com/en
There you have listed coding errors that affect security. It contains many languages, Python being one of those.
I have also been looking for an academic/free secure coding standard for Python. I haven't yet found a good one. I think that SEI CERT should step up and make such a standard. According to their latest webinar on Secure Coding, they are considering this possibility.