Are you interested in a career in security using Python? Would you like to stay ahead of potential vulnerabilities in your Python applications? This week on the show, James Pleger talks about Python information security, incident response, and forensics.
James has been doing information security for over fifteen years, working at some of the biggest companies, government agencies, and startups. He shares numerous Python resources to dive into detecting threats and improving your projects.
We discuss how to learn about security topics and get involved in the community. Make sure you check out the massive collection of links in the show notes this week.
Course Spotlight: Exploring HTTPS and Cryptography in Python
In this course, you’ll gain a working knowledge of the various factors that combine to keep communications over the Internet safe. You’ll see concrete examples of how to keep information secure and use cryptography to build your own Python HTTPS application.
00:00:00 – Introduction00:01:28 – How did you find the show?00:02:00 – Evolution of roles in security00:04:09 – Why is Python leveraged in security?00:07:51 – Red team vs blue team00:10:16 – Application security and bug bounties00:13:31 – What’s your background?00:14:07 – Company focus between regulations vs engineering00:18:09 – Ways to get involved and keep learning00:21:56 – Different perspective from computer science 00:23:35 – Red vs blue reprise00:25:07 – Shifting landscape of vulnerabilities00:30:06 – How do you approach tests?00:32:30 – Incident response00:35:54 – Video Course Spotlight00:37:19 – Where does Python come in during an incident?00:43:08 – Crossing into forensic research00:48:43 – Where to practice security research and learn more?00:51:41 – What’s the security community like?00:56:05 – What are you excited about in the world of Python?00:57:53 – What do you want to learn next?01:00:17 – Where can people learn more about what you do?01:00:39 – Thanks and goodbyeSecurity Specific Tools Written in Python:
binwalk: Firmware Analysis Tool | ReFirmLabsbinaryalert: BinaryAlert: Serverless, Real-time & Retroactive Malware Detection | airbnbCuckoo Sandbox - Automated Malware AnalysisYARA - The pattern matching Swiss knife for malware researchersScapy: Python-based interactive packet manipulation program & libraryradare2-bindings: Bindings of the r2 api for Valabind and friendspython-iocextract: Defanged Indicator of Compromise (IOC) Extractor | InQuestyeti: Your Everyday Threat Intelligencecapa: The FLARE team’s open-source tool to identify capabilities in executable filesPDF Tools | Didier StevensIncident Response and Memory Forensics:
volatility: An advanced memory forensics framework | Volatility FoundationFIR: Fast Incident Response | CERT Societe Generale (Computer Emergency Response Team)GRR Rapid Response: Remote live forensics for incident response | GoogleWhat is a Honeypot? How It Can Trap Cyberattackers | CrowdStrikeawesome-honeypots: An awesome list of honeypot resourcesBug Bounty Program List - All Active Programs in 2022 | BugcrowdBug Bounty Program - Complete List | HackerOneTOP Bug Bounty Programs & Websites (Jun 2022 Updated List)Security and Hacking Conferences:
Black Hat USA 2022DEF CON® Hacking Conference HomeChaos Communication Congress - WikipediaCactusConBlue team (computer security) - WikipediaOpen Source Projects for Software Security | OWASP FoundationHackerOne | #1 Trusted Security Platform and Hacker ProgramBugcrowd | Platform Overviewpyinstaller · PyPIWireshark · Go Deep.Python security best practices cheat sheet | SnykPyCharm Python Security Scanner · Actions · GitHub MarketplaceSecurity scanners for Python and Docker: from code to dependenciesBandit — Designed to find common security issues in Python codeblack · PyPIBuild a Site Connectivity Checker in Python – Real PythonKali Linux | Penetration Testing and Ethical Hacking Linux DistributionLevel up your Python skills with our expert-led courses:
Exploring HTTPS and Cryptography in PythonDjango View Authorization: Restricting AccessTesting Your Code With pytest Support the podcast & join our community of Pythonistas