Matt,
     I have not seen any materials referencing Python nor does Fortify, I believe, perform scans on it. But looking at the Python package on my Windows box it looks like the Python compiler has C as its interface to the system. Obtaining the C code then running a scan against it should at least provide some insight into possible Python issues.

Regards,
Paul

--- On Mon, 4/5/10, Matt Parsons <mparsons1...@gmail.com> wrote:

From: Matt Parsons <mparsons1...@gmail.com>
Subject: [SC-L] has any one completed a python security code review
To: SC-L@securecoding.org
Date: Monday, April 5, 2010, 5:08 PM

Has anyone completed a python security code review?  What would you look for besides inputs, outputs and dangerous functions?   Do any of the commercial static code analysis vendors scan that code?  I would think not because python is not compiled at run time like the other languages that static analysis tools can scan.  Any help would be greatly appreciated.  

 

Thanks,

Matt

 

 

Matt Parsons, MSM, CISSP

315-559-3588 Blackberry

817-294-3789 Home office

"Do Good and Fear No Man" 

Fort Worth, Texas

A.K.A The Keyboard Cowboy

mailto:mparsons1...@gmail.com

http://www.parsonsisconsulting.com

http://www.o2-ounceopen.com/o2-power-users/

http://www.linkedin.com/in/parsonsconsulting

http://parsonsisconsulting.blogspot.com/

http://www.vimeo.com/8939668

 


_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
