Secure Coding Guidelines for Python

python security secure-coding
rtphokie picture rtphokie · Aug 28, 2015 · Viewed 9.7k times · Source

Looking at the CERT Secure Standards (Example: https://www.securecoding.cert.org), there are specific standards, with great examples of what good and bad code looks like, for C, C++, Java, even Perl but not Python. Are there any Python specific standards are guidelines, preferably with examples available?

http://www.pythonsecurity.org/ appears to be focused security concerns in Python itself and on building an alternative Python binary to resolve these. A noble, but not recently active, cause. I'm looking for something that gives guidance to developers on what not to do and what to do instead.

Answer

devnull picture devnull · Mar 5, 2016

Seeing as lot of people are recommending formatting guidelines (PEP8), I have one that is actually for security.

There is a project in OpenStack (very big python based platform), called Bandit. It is a security lint tool.

https://github.com/openstack/bandit

You can run this tool against your own code, or if you wish to learn the inners of secure python coding, then take a look at the examples directory.

Related questions

Hiding a password in a python script (insecure obfuscation only)

I have got a python script which is creating an ODBC connection. The ODBC connection is generated with a connection string. In this connection string I have to include the username and password for this connection. Is there an easy …

Read More
Securely storing passwords for use in python script

Possible Duplicate: I need to securely store a username and password in Python, what are my options? I am looking for a way to securely store passwords which I intend to use in some Python scripting. I will be logging …

Read More
High quality, simple random password generator

I'm interested in creating a very simple, high (cryptographic) quality random password generator. Is there a better way to do this? import os, random, string length = 13 chars = string.ascii_letters + string.digits + '!@#$%^&*()' random.seed = (os.urandom(1024)) print …

Read More