Summary
Making sure that your code is secure is a difficult task. In this episode we spoke to Eric Brown, Travis McPeak, and Tim Kelsey about their work on the Bandit library, which is a static analysis engine to help you find potential vulnerabilities before your application reaches production. We discussed how it works, how to make it fit your use case, and why it was created. Give the show a listen and then go start scanning your projects!
Brief Introduction
- Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
- I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable. For details on how to support the show you can visit our site at pythonpodcast.com
- Linode is sponsoring us this week. Check them out at linode.com/podcastinit and get a $20 credit to try out their fast and reliable Linux virtual servers for your next project. And they just doubled the RAM for their introductory level servers, so that $20 will get you even more performance.
- We are also sponsored by Sentry this week. Stop hoping your users will report bugs. Sentry’s real-time tracking gives you insight into production deployments and information to reproduce and fix crashes. Check them out at getsentry.com and use the code podcastinit at signup to get a $50 credit!
- Visit our site to subscribe to our show, sign up for our newsletter, read the show notes, and get in touch.
- To help other people find the show you can leave a review on iTunes, or Google Play Music, and tell your friends and co-workers
- Join our community! Visit discourse.pythonpodcast.com for your opportunity to find out about upcoming guests, suggest questions, and propose show ideas.
- Your hosts as usual are Tobias Macey and Chris Patti
- Today we’re interviewing Tim Kelsey and Eric Brown about Bandit which is a static analysis engine for finding security vulnerabilities in your Python code.
Use the promo code podcastinit20 to get a $20 credit when you sign up!
Stop hoping your users will report bugs. Sentry’s real-time tracking gives you insight into production deployments and information to reproduce and fix crashes. Use the code podcastinit at signup to get a $50 credit!
Interview with Eric Brown, Travis McPeak and Tim Kelsey
- Introductions
- How did you get introduced to Python? - Chris
- What is Bandit and what was the inspiration for creating it? - Tobias
- How did you each get involved with the Bandit project? - Tobias
- At what stage of the development process would you want to use Bandit? - Tobias
- What kinds of analysis does Bandit do on the source code that it is run against? - Tobias
- How does it determine whether a particular segment of code is introducing a vulnerability and what means does it use to determine the severity? - Tobias
- What does the generated report include and what can be done with that information? - Tobias
- What are some of the biggest design and implementation difficulties that have been encountered in the process of creating Bandit? - Tobias
- How does bandit compare to similar tools in other languages such as Ruby’s BrakeMan? - Tobias
- What are some of the most interesting extensions that you have seen for Bandit? - Tobias
- What is on the roadmap for the future of Bandit? - Tobias
Keep In Touch
Picks
- Tobias
- Tim
- IFTTT (If This Then That)
- Eric
- Travis
The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA
Summary Making sure that your code is secure is a difficult task. In this episode we spoke to Eric Brown, Travis McPeak, and Tim Kelsey about their work on the Bandit library, which is a static analysis engine to help you find potential vulnerabilities before your application reaches production. We discussed how it works, how to make it fit your use case, and why it was created. Give the show a listen and then go start scanning your projects!Brief IntroductionHello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable. For details on how to support the show you can visit our site at pythonpodcast.comLinode is sponsoring us this week. Check them out at linode.com/podcastinit and get a $20 credit to try out their fast and reliable Linux virtual servers for your next project. And they just doubled the RAM for their introductory level servers, so that $20 will get you even more performance.We are also sponsored by Sentry this week. Stop hoping your users will report bugs. Sentry's real-time tracking gives you insight into production deployments and information to reproduce and fix crashes. Check them out at getsentry.com and use the code podcastinit at signup to get a $50 credit!Visit our site to subscribe to our show, sign up for our newsletter, read the show notes, and get in touch.To help other people find the show you can leave a review on iTunes, or Google Play Music, and tell your friends and co-workersJoin our community! Visit discourse.pythonpodcast.com for your opportunity to find out about upcoming guests, suggest questions, and propose show ideas.Your hosts as usual are Tobias Macey and Chris PattiToday we're interviewing Tim Kelsey and Eric Brown about Bandit which is a static analysis engine for finding security vulnerabilities in your Python code. Use the promo code podcastinit20 to get a $20 credit when you sign up! Stop hoping your users will report bugs. Sentry's real-time tracking gives you insight into production deployments and information to reproduce and fix crashes. Use the code podcastinit at signup to get a $50 credit!Interview with Eric Brown, Travis McPeak and Tim KelseyIntroductionsHow did you get introduced to Python? - ChrisWhat is Bandit and what was the inspiration for creating it? - TobiasHow did you each get involved with the Bandit project? - TobiasAt what stage of the development process would you want to use Bandit? - TobiasWhat kinds of analysis does Bandit do on the source code that it is run against? - TobiasHow does it determine whether a particular segment of code is introducing a vulnerability and what means does it use to determine the severity? - TobiasWhat does the generated report include and what can be done with that information? - TobiasWhat are some of the biggest design and implementation difficulties that have been encountered in the process of creating Bandit? - TobiasHow does bandit compare to similar tools in other languages such as Ruby's BrakeMan? - TobiasWhat are some of the most interesting extensions that you have seen for Bandit? - TobiasWhat is on the roadmap for the future of Bandit? - TobiasKeep In TouchOpenStack Security IRCOpenStack Security Weekly MeetingTimTwitterTravisTwitterPicksTobiasTogglAny.doTimIFTTT (If This Then That)EricSlackTravisBrilliance TrilogyUncharted 4Risky Business PodcastThe intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA