Summary
Making sure that your code is secure is a difficult task. In this episode we spoke to Eric Brown, Travis McPeak, and Tim Kelsey about their work on the Bandit library, which is a static analysis engine to help you find potential vulnerabilities before your application reaches production. We discussed how it works, how to make it fit your use case, and why it was created. Give the show a listen and then go start scanning your projects!
Brief Introduction
Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable. For details on how to support the show you can visit our site at pythonpodcast.comLinode is sponsoring us this week. Check them out at linode.com/podcastinit and get a $20 credit to try out their fast and reliable Linux virtual servers for your next project. And they just doubled the RAM for their introductory level servers, so that $20 will get you even more performance.We are also sponsored by Sentry this week. Stop hoping your users will report bugs. Sentry’s real-time tracking gives you insight into production deployments and information to reproduce and fix crashes. Check them out at getsentry.com and use the code podcastinit at signup to get a $50 credit!Visit our site to subscribe to our show, sign up for our newsletter, read the show notes, and get in touch.To help other people find the show you can leave a review on iTunes, or Google Play Music, and tell your friends and co-workersJoin our community! Visit discourse.pythonpodcast.com for your opportunity to find out about upcoming guests, suggest questions, and propose show ideas.Your hosts as usual are Tobias Macey and Chris PattiToday we’re interviewing Tim Kelsey and Eric Brown about Bandit which is a static analysis engine for finding security vulnerabilities in your Python code.Interview with Eric Brown, Travis McPeak and Tim Kelsey
IntroductionsHow did you get introduced to Python? – ChrisWhat is Bandit and what was the inspiration for creating it? – TobiasHow did you each get involved with the Bandit project? – TobiasAt what stage of the development process would you want to use Bandit? – TobiasWhat kinds of analysis does Bandit do on the source code that it is run against? – TobiasHow does it determine whether a particular segment of code is introducing a vulnerability and what means does it use to determine the severity? – TobiasWhat does the generated report include and what can be done with that information? – TobiasWhat are some of the biggest design and implementation difficulties that have been encountered in the process of creating Bandit? – TobiasHow does bandit compare to similar tools in other languages such as Ruby’s BrakeMan? – TobiasWhat are some of the most interesting extensions that you have seen for Bandit? – TobiasWhat is on the roadmap for the future of Bandit? – TobiasKeep In Touch
OpenStack Security IRCOpenStack Security Weekly MeetingTimTwitterTwitterPicks
TobiasTogglListener Review of TogglAny.do
IFTTT (If This Then That)SlackBrilliance TrilogyUncharted 4Risky Business PodcastThe intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA