June 18, 2016

Bandit with Tim Kelsey, Travis McPeak, and Eric Brown

28 minutes

Summary

Making sure that your code is secure is a difficult task. In this episode we spoke to Eric Brown, Travis McPeak, and Tim Kelsey about their work on the Bandit library, which is a static analysis engine to help you find potential vulnerabilities before your application reaches production. We discussed how it works, how to make it fit your use case, and why it was created. Give the show a listen and then go start scanning your projects!

Brief Introduction

Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.

I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable. For details on how to support the show you can visit our site at pythonpodcast.com

Linode is sponsoring us this week. Check them out at linode.com/podcastinit and get a $20 credit to try out their fast and reliable Linux virtual servers for your next project. And they just doubled the RAM for their introductory level servers, so that $20 will get you even more performance.

We are also sponsored by Sentry this week. Stop hoping your users will report bugs. Sentry’s real-time tracking gives you insight into production deployments and information to reproduce and fix crashes. Check them out at getsentry.com and use the code podcastinit at signup to get a $50 credit!

Visit our site to subscribe to our show, sign up for our newsletter, read the show notes, and get in touch.

To help other people find the show you can leave a review on iTunes, or Google Play Music, and tell your friends and co-workers

Join our community! Visit discourse.pythonpodcast.com for your opportunity to find out about upcoming guests, suggest questions, and propose show ideas.

Your hosts as usual are Tobias Macey and Chris Patti

Today we’re interviewing Tim Kelsey and Eric Brown about Bandit which is a static analysis engine for finding security vulnerabilities in your Python code.

Interview with Eric Brown, Travis McPeak and Tim Kelsey

Introductions

How did you get introduced to Python? – Chris

What is Bandit and what was the inspiration for creating it? – Tobias

How did you each get involved with the Bandit project? – Tobias

At what stage of the development process would you want to use Bandit? – Tobias

What kinds of analysis does Bandit do on the source code that it is run against? – Tobias

How does it determine whether a particular segment of code is introducing a vulnerability and what means does it use to determine the severity? – Tobias

What does the generated report include and what can be done with that information? – Tobias

What are some of the biggest design and implementation difficulties that have been encountered in the process of creating Bandit? – Tobias

How does bandit compare to similar tools in other languages such as Ruby’s BrakeMan? – Tobias

What are some of the most interesting extensions that you have seen for Bandit? – Tobias

What is on the roadmap for the future of Bandit? – Tobias

Keep In Touch

OpenStack Security IRC

OpenStack Security Weekly Meeting

Tim

Twitter

Travis

Twitter

Picks

Tobias

Toggl

Listener Review of Toggl

Any.do

Tim

IFTTT (If This Then That)

Eric

Slack

Travis

Brilliance Trilogy

Uncharted 4

Risky Business Podcast

The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA

...more

View all episodes

By Tobias Macey

4.4

100100 ratings