When Bandit(s) Strike - Defend your Python Code

Presented at BSidesSF 2017, Feb. 13, 2017, 1:30 p.m. (30 minutes)

Bandit is an open-source tool designed to discover common security flaws in Python code. Although Bandit was originally developed to find issues in OpenStack (a large open-source cloud platform), it has since been adopted by many Python developers outside of OpenStack. It has found dozens of critical security issues, including command injection, SQLi, insecure temporary file usage, and usage of insecure libraries. Join Travis McPeak, one of the core developers on the Bandit project, to find out how Bandit works, how to customize it for different workflows, how to create a security CI pipeline with Bandit, and even how to extend it.
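To make the "how Bandit works" part concrete, here is an added illustration that is not code from the talk or from the Bandit project itself: a deliberately small, hypothetical AST-based checker in the same style Bandit uses (parse the file into an `ast` tree, walk the nodes, run rules against calls). It flags two of the flaw classes named in the abstract, a `subprocess` call with `shell=True` (a command-injection risk when the command string is built from input) and the deprecated `tempfile.mktemp` (an insecure temporary-file pattern), and runs over two constructed source snippets, one vulnerable and one using the safer forms. Rule names, the finding format and the sample sources are all assumptions made for this example.

```python
import ast

# Constructed sample sources (not from the talk or the Bandit project).
SAMPLE_VULNERABLE = """
import subprocess, tempfile
def run(user_arg):
    path = tempfile.mktemp()                      # insecure temp file pattern
    return subprocess.call("ls " + user_arg, shell=True)   # command injection risk
"""

SAMPLE_SAFE = """
import subprocess, tempfile
def run(user_arg):
    fd, path = tempfile.mkstemp()                 # file is created atomically
    return subprocess.call(["ls", user_arg])      # argv list, no shell
"""


def _dotted_name(func):
    """Return 'module.attr' for a call like subprocess.call, else None."""
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def _has_shell_true(call):
    """True if the call carries a literal shell=True keyword."""
    for kw in call.keywords:
        if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
            return True
    return False


# Hypothetical rule set: each rule inspects one ast.Call node and returns a
# finding dict or None. Bandit's real plugins follow the same shape, but these
# rule names and messages are invented for this example.
def rule_subprocess_shell(call):
    name = _dotted_name(call.func)
    if name and name.startswith("subprocess.") and _has_shell_true(call):
        return {"rule": "subprocess_shell_true", "line": call.lineno,
                "msg": f"{name} invoked with shell=True; prefer an argv list"}
    return None


def rule_insecure_mktemp(call):
    if _dotted_name(call.func) == "tempfile.mktemp":
        return {"rule": "insecure_mktemp", "line": call.lineno,
                "msg": "tempfile.mktemp is racy; use mkstemp/NamedTemporaryFile"}
    return None


RULES = (rule_subprocess_shell, rule_insecure_mktemp)


def scan_source(source, filename="<string>"):
    """Parse source and return findings sorted by line, Bandit-style."""
    tree = ast.parse(source, filename)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for rule in RULES:
            finding = rule(node)
            if finding:
                findings.append(finding)
    return sorted(findings, key=lambda f: f["line"])


def report(source, filename):
    """Print findings in a one-line-per-issue format suitable for CI logs."""
    findings = scan_source(source, filename)
    for f in findings:
        print(f"{filename}:{f['line']}: [{f['rule']}] {f['msg']}")
    return len(findings)


if __name__ == "__main__":
    # In a CI gate you would exit non-zero when findings are present.
    total = report(SAMPLE_VULNERABLE, "vulnerable.py") + report(SAMPLE_SAFE, "safe.py")
    raise SystemExit(1 if total else 0)
```

The safe snippet produces no findings because the rules key on the exact AST shape (a literal `shell=True` keyword, a call to `tempfile.mktemp`), which is also why real Bandit reports on `shell=True` even when the command is a constant: static analysis sees the pattern, not the runtime data flow, so reviewers triage such findings rather than treating every one as exploitable.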

Presenters:

  • Travis McPeak - Sr. Security Engineer - Netflix
    Travis McPeak is a Sr. Security Engineer at Netflix. He is a core developer of the Bandit, Repokid, and Aardvark projects. In his spare time he loves travel, snowboarding, and quality food/beer.
