The Real Python Podcast

Getting Started in Python Cybersecurity and Forensics

Listen Later

Are you interested in a career in security using Python? Would you like to stay ahead of potential vulnerabilities in your Python applications? This week on the show, James Pleger talks about Python information security, incident response, and forensics.

James has been doing information security for over fifteen years, working at some of the biggest companies, government agencies, and startups. He shares numerous Python resources to dive into detecting threats and improving your projects.

We discuss how to learn about security topics and get involved in the community. Make sure you check out the massive collection of links in the show notes this week.

Course Spotlight: Exploring HTTPS and Cryptography in Python

In this course, you’ll gain a working knowledge of the various factors that combine to keep communications over the Internet safe. You’ll see concrete examples of how to keep information secure and use cryptography to build your own Python HTTPS application.

Topics:

  • 00:00:00 – Introduction
  • 00:01:28 – How did you find the show?
  • 00:02:00 – Evolution of roles in security
  • 00:04:09 – Why is Python leveraged in security?
  • 00:07:51 – Red team vs blue team
  • 00:10:16 – Application security and bug bounties
  • 00:13:31 – What’s your background?
  • 00:14:07 – Company focus between regulations vs engineering
  • 00:18:09 – Ways to get involved and keep learning
  • 00:21:56 – Different perspective from computer science
  • 00:23:35 – Red vs blue reprise
  • 00:25:07 – Shifting landscape of vulnerabilities
  • 00:30:06 – How do you approach tests?
  • 00:32:30 – Incident response
  • 00:35:54 – Video Course Spotlight
  • 00:37:19 – Where does Python come in during an incident?
  • 00:43:08 – Crossing into forensic research
  • 00:48:43 – Where to practice security research and learn more?
  • 00:51:41 – What’s the security community like?
  • 00:56:05 – What are you excited about in the world of Python?
  • 00:57:53 – What do you want to learn next?
  • 01:00:17 – Where can people learn more about what you do?
  • 01:00:39 – Thanks and goodbye

    • Security Specific Tools Written in Python:

    • binwalk: Firmware Analysis Tool | ReFirmLabs
    • binaryalert: BinaryAlert: Serverless, Real-time & Retroactive Malware Detection | airbnb
    • Cuckoo Sandbox - Automated Malware Analysis
    • YARA - The pattern matching Swiss knife for malware researchers
    • Scapy: Python-based interactive packet manipulation program & library
    • radare2-bindings: Bindings of the r2 api for Valabind and friends
    • python-iocextract: Defanged Indicator of Compromise (IOC) Extractor | InQuest
    • yeti: Your Everyday Threat Intelligence
    • capa: The FLARE team’s open-source tool to identify capabilities in executable files
    • PDF Tools | Didier Stevens

      • Incident Response and Memory Forensics:

      • volatility: An advanced memory forensics framework | Volatility Foundation
      • FIR: Fast Incident Response | CERT Societe Generale (Computer Emergency Response Team)
      • GRR Rapid Response: Remote live forensics for incident response | Google

        • Honeypot Resources:

        • What is a Honeypot? How It Can Trap Cyberattackers | CrowdStrike
        • awesome-honeypots: An awesome list of honeypot resources

          • Bug Bounty Programs:

          • Bug Bounty Program List - All Active Programs in 2022 | Bugcrowd
          • Bug Bounty Program - Complete List | HackerOne
          • TOP Bug Bounty Programs & Websites (Jun 2022 Updated List)

            • Security and Hacking Conferences:

            • Black Hat USA 2022
            • DEF CON® Hacking Conference Home
            • Chaos Communication Congress - Wikipedia
            • CactusCon

              • Additional Links:

              • Blue team (computer security) - Wikipedia
              • Open Source Projects for Software Security | OWASP Foundation
              • HackerOne | #1 Trusted Security Platform and Hacker Program
              • Bugcrowd | Platform Overview
              • pyinstaller · PyPI
              • Wireshark · Go Deep.
              • Python security best practices cheat sheet | Snyk
              • PyCharm Python Security Scanner · Actions · GitHub Marketplace
              • Security scanners for Python and Docker: from code to dependencies
              • Bandit — Designed to find common security issues in Python code
              • black · PyPI
              • Build a Site Connectivity Checker in Python – Real Python
              • Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution

                • Level up your Python skills with our expert-led courses:

                • Exploring HTTPS and Cryptography in Python
                • Django View Authorization: Restricting Access
                • Testing Your Code With pytest

                  • Support the podcast & join our community of Pythonistas

                  ...more
                  View all episodesView all episodes
                  Download on the App Store
                  The Real Python PodcastBy Real Python
                  • 4.7
                  • 4.7
                  • 4.7
                  • 4.7
                  • 4.7

                  4.7

                  139 ratings

                  More shows like The Real Python Podcast

                  View all
                  The Changelog: Software Development, Open Source by Changelog Media

                  The Changelog: Software Development, Open Source

                  288 Listeners

                  Software Engineering Daily by Software Engineering Daily

                  Software Engineering Daily

                  625 Listeners

                  Talk Python To Me by Michael Kennedy

                  Talk Python To Me

                  579 Listeners

                  Soft Skills Engineering by Jamison Dance and Dave Smith

                  Soft Skills Engineering

                  289 Listeners

                  Super Data Science: ML & AI Podcast with Jon Krohn by Jon Krohn

                  Super Data Science: ML & AI Podcast with Jon Krohn

                  302 Listeners

                  Python Bytes by Michael Kennedy and Brian Okken

                  Python Bytes

                  213 Listeners

                  Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

                  Syntax - Tasty Web Development Treats

                  988 Listeners

                  Darknet Diaries by Jack Rhysider

                  Darknet Diaries

                  8,088 Listeners

                  Tech Brew Ride Home by Morning Brew

                  Tech Brew Ride Home

                  969 Listeners

                  Practical AI by Practical AI LLC

                  Practical AI

                  200 Listeners

                  AWS Podcast by Amazon Web Services

                  AWS Podcast

                  207 Listeners

                  Django Chat by William Vincent and Carlton Gibson

                  Django Chat

                  75 Listeners

                  Last Week in AI by Skynet Today

                  Last Week in AI

                  310 Listeners

                  Machine Learning Street Talk (MLST) by Machine Learning Street Talk (MLST)

                  Machine Learning Street Talk (MLST)

                  100 Listeners

                  The Pragmatic Engineer by Gergely Orosz

                  The Pragmatic Engineer

                  70 Listeners