Application security is best designed into a system from the start.

Anthony Shaw is doing something about it by creating an editor plugin that actually helps you write more secure application code while you are coding.

On today's Test & Code, Anthony and I discuss his security plugin, but also application security in general, as well as other security components you need to consider.

Security is something every team needs to think about, whether you are a single person team, a small startup, or a large corporation.

Anthony and I also discuss where to start if it's just a few of you, or even just one of you.

Topics include:


Finding security risks while writing code.
What are the risks for your applications.
Thinking about attack surfaces.
Static and dynamic code analysis.
Securing the environment an app is running in.
Tools for scanning live sites for vulnerabilities.
Secret management.
Hashing algorithms.
Authentication systems.
and Anthony's upcoming cPython Internals book.
Special Guest: Anthony Shaw. Sponsored By:Oxylabs: Visit oxylabs.io/testandcode to find out more about their services and to apply for a free trial of their Next-Generation Residential Proxies.Links:Python Security - plugin for PyCharmBanditHack The Box 

101: Application Security - Anthony Shaw

Practical automated testing for software engineers using Python.
Mostly. But also so much more.

Technology

Tech News

Podcasting

Gadgets

Software How-To

Education

Training

Language Courses

Higher Education

K-12

Educational Technology

How To

PyCon US is just around the corner.  I've asked Rob Ludwick to come on the show to discuss how to get the most out of your PyCon experience. There's a lot to do. A lot of activities to juggle, including actual juggling, which is where we start the conversation. Even if you never get a chance to go to PyCon, I hope this interview helps you get a feel for the welcoming aspect of the Python community. I recorded this interview as an episode for one of my other podcasts, Python People. But I think it's got some great pre-conference advice, so I'm sharing it here on Python Test as well. We talk about: 
- Juggling at PyCon
- How to get the most out of PyCon
    - Watching talks
    - Hallway track
    - Open spaces
    - Lightening talks
    - Expo hall / vendor space
    - Poster sessions
    - Job fair
    - A welcoming community
    - Tutorials 
    - Sprints
    - But mostly about the people of Python and PyCon. "Python enables smart people to work faster" - Rob Ludwick

Sponsored by Mailtrap.ioAn Email Delivery Platform that developers love. An email-sending solution with industry-best analytics, SMTP, and email API, SDKs for major programming languages, and 24/7 human support. Try for Free at MAILTRAP.IOSponsored by PyCharm ProUse code PYTEST for 20% off PyCharm Professional at jetbrains.com/pycharmNow with Full Line Code CompletionSee how easy it is to run pytest from PyCharm at pythontest.com/pycharmThe Complete pytest CourseFor the fastest way to learn pytest, go to courses.pythontest.comWhether your new to testing or pytest, or just want to maximize your efficiency and effectiveness when testing.

220: Getting the most out of PyCon, including juggling -  Rob Ludwick

I'm starting a SaaS project using Django, and there are tons of decisions right out of the gate. 
To help me navigate these decisions, I've brought on Cory Zue.   
Cory is the creator of SaaS Pegasus, and has tons of experience with Django. Some of the topics discussed:Building Django applicationsSaaS Pegasusplacecard.meWhat boilerplate projects areDjango cookiecutterCookiecutterWhich database to use, probably PostgreSQLAuthentication choises, probably AllauthDocker, Docker for development, Docker for deploymentDeployment targets / hosting services. Render, Heroku, Fly.io, for PaaS options.Front end frameworks. Bootstrap, Tailwind, DaisyUI, TailwindUIHTMX vs React vs straight Django templatesRocketsFont Awesomeand of course, SaaS Pegasus

Sponsored by Mailtrap.ioAn Email Delivery Platform that developers love. An email-sending solution with industry-best analytics, SMTP, and email API, SDKs for major programming languages, and 24/7 human support. Try for Free at MAILTRAP.IOSponsored by PyCharm ProUse code PYTEST for 20% off PyCharm Professional at jetbrains.com/pycharmNow with Full Line Code CompletionSee how easy it is to run pytest from PyCharm at pythontest.com/pycharmThe Complete pytest CourseFor the fastest way to learn pytest, go to courses.pythontest.comWhether your new to testing or pytest, or just want to maximize your efficiency and effectiveness when testing.

219: Building Django Apps & SaaS Pegasus - Cory Zue

Nicole is a software engineer and writer, and recently wrote about the trade-offs we make when deciding which tests to write and how much testing is enough. We talk about:Balancing schedule vs testingHow much testing is the right about of testingShould code coverage be measured and trackedGood refactoring can reduce code coverageIs it worth testing error conditions?Are rare error codes ok to just monitor?API drift and autospecMitigating riskDeciding what to test and what not to testFocus testing on key money-making features If there's a bug in this part of the code, how much business impact is there?Performance testing needs to approximately match real world workloadsCost of a service breaking vs the cost of creating, maintaining, and running testsKeeping test suites quick to minimize getting distracted
 Links:Too much of a good thing: the trade-off we make with tests Load testing is hard, and the tools are... not great. But why?Yet Another Rust Resource (YARR!)Goodhart's law - "When a measure becomes a target, it ceases to be a good measure"

Sponsored by Mailtrap.ioAn Email Delivery Platform that developers love. An email-sending solution with industry-best analytics, SMTP, and email API, SDKs for major programming languages, and 24/7 human support. Try for Free at MAILTRAP.IOSponsored by PyCharm ProUse code PYTEST for 20% off PyCharm Professional at jetbrains.com/pycharmNow with Full Line Code CompletionSee how easy it is to run pytest from PyCharm at pythontest.com/pycharmThe Complete pytest CourseFor the fastest way to learn pytest, go to courses.pythontest.comWhether your new to testing or pytest, or just want to maximize your efficiency and effectiveness when testing.

218: Balancing test coverage with test costs -  Nicole Tietz-Sokolskaya

If you've ever thought about starting a podcast or a SaaS project, you'll want to listen to this episode.
 
Justin is one of the people who motivated me to get started podcasting. 
He's also running a successful SaaS company, transistor.fm, which hosts this podcast. Topics:PodcastingBuilding new SaaS (software as a service) productsBalancing work, side hustle, and familyGreat places to snowboard in British ColumbiaBTW. This episode was recorded last summer before I switched to transistor.fm.
I'm now on Transistor for most of a year now, and I love it. Links from the show:Transistor.fm - excellent podcast hosting, Justin is a co-founderHow to start a podcast in 2024Podcasts from JustinBuild your SaaS - currentBuild & Launch - an older one, but greatMegaMaker - from 2021 / 2022

Sponsored by Mailtrap.ioAn Email Delivery Platform that developers love. An email-sending solution with industry-best analytics, SMTP, and email API, SDKs for major programming languages, and 24/7 human support. Try for Free at MAILTRAP.IOSponsored by PyCharm ProUse code PYTEST for 20% off PyCharm Professional at jetbrains.com/pycharmNow with Full Line Code CompletionSee how easy it is to run pytest from PyCharm at pythontest.com/pycharmThe Complete pytest CourseFor the fastest way to learn pytest, go to courses.pythontest.comWhether your new to testing or pytest, or just want to maximize your efficiency and effectiveness when testing.

217: Podcasting / SaaS / Work Life Balance - Justin Jackson

Charlie Marsh and team are using Rust to make Python tooling faster.Ruff can take the place of Flake8, isort, and Black, and so much more.uv can take the place of pip, pip-tools, and virtualenvAstral is Charlie's venture backed company, and what they have with `ruff` and `uv` is just the start.Since uv is the newest tool, there's quite a bit of the discussion diving into uv. Links:ruffAstraluv

Sponsored by PyCharm ProUse code PYTEST for 20% off PyCharm Professional at jetbrains.com/pycharmFirst 10 to sign up this month get a free month of AI AssistantSee how easy it is to run pytest from PyCharm at pythontest.com/pycharmThe Complete pytest CourseFor the fastest way to learn pytest, go to courses.pythontest.comWhether your new to testing or pytest, or just want to maximize your efficiency and effectiveness when testing.

101: Application Security - Anthony Shaw

Download our free app to listen on your phone