Six Python security best practices for developers

Python is a valuable programming language, but using it without proper security best practices puts applications at risk of an attack. Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility.

Redacting Sensitive Data in 4 Lines of Code

In this tutorial, we’ll demonstrate how easy it is to redact sensitive data and give you a more in-depth look at various redaction techniques, how Nightfall works, and touch upon use cases for redaction techniques. Before we get started, let’s set our Nightfall API key as an environment variable and install our dependencies for our code samples in Python.

Best practices for containerizing Python applications with Docker

From reading many Python Docker container blogs, we’ve found that the majority of posts provide examples of how to containerize a Python application independent of its framework (Django, Flask, Falcon, etc.). For example, you might see something like this: With this Dockerfile, we can build and run a Python Flask application: Two simple steps and it works just fine, right?

Rezilion Validate in Depth: How We Analyze Python Runtime

At Rezilion, we eliminate friction in the DevSecOps process by identifying which vulnerabilities pose an actual risk to an organization. This dynamic approach allows us to filter out unloaded vulnerabilities and reduce the workload of the security and development teams. Because we need to analyze the process we also need to understand its runtime environment (native, c#, java, python, etc.) and based on its runtime, analyze it differently.

Python security best practices cheat sheet

In 2019, Snyk released its first Python cheat sheet. Since then, many aspects of Python security have changed. Using our learnings as a developer security company — as well as Python-specific best practices — we compiled this updated cheat sheet to make sure you keep your Python code secure. And before going any further, I need to give special thanks to Chibo and Daniel for their help with this cheat sheet!

A (soft) introduction to Python dependency management

Python has been deemed as a “simple” language — easy to use and easy to develop scripts to do numerous tasks — from web scraping to automation to building large-scale web applications and even performing data science. However, dependencies are managed quite differently in Python than in other languages, and the myriad options of setting up an environment and package managers only add to the confusion.

Getting started with Snyk for secure Python development

If you’re a Python developer looking to easily secure your applications, you’re in the right place! Snyk helps you secure all the code making up your Python app — your own code, the open source libraries you’re pulling in, your containers, and your infrastructure as code (IaC) — by integrating seamlessly into your existing development workflows.

Python now fully supported in Snyk Code

Earlier this year, we announced the beta support for Python in Snyk Code. This beta period gave us the chance to let customers have access to our extensive collection of Python rules while we finished our knowledge base review and added curated content. We are happy to announce that this work has concluded, and Python is now a fully supported language. 🐍 🎉

Python language support now beta in Snyk Code

Snyk Code now offers beta support for Python 2.x and 3.x projects. You do not have to install or update anything since we added the support to the backend engine and it is available instantly to be used. When a repository is scanned, you will see Python beta results showing up. If you cannot wait for a scheduled rescan, you can manually trigger a scan.

Preventing SQL injections in Python (and other vulnerabilities)

Python is a wonderful language, ideal for beginners, and easy to scale up from starter projects to complex applications for data processing and serving dynamic web pages. But as you increase complexity in your applications, it can be easy to inadvertently introduce potential problems and vulnerabilities. In this article, I will highlight the easiest to miss that can cause the biggest problems, how to avoid them and tools and services that help you save time doing so.