Discover how to identify security vulnerabilities using taint tracking in this 27-minute conference talk from EuroPython 2018. Learn about the concept of "tainted" data from untrusted sources and how it can reach vulnerable parts of your code. Explore the principles of taint tracking analysis, including sources, sinks, and sanitizers. Watch a live demonstration of finding a cross-site scripting (XSS) vulnerability in a Django app using code analysis tools. Gain insights into writing safer code by thinking in terms of "taint," even without access to sophisticated analysis tools. Understand various security issues like code injection and SQL injection that can be detected through this technique. The talk covers introductory concepts, practical demonstrations, and advanced topics such as flow analysis and tank checking, providing a comprehensive overview of taint tracking for improved code security.
Is Your Code Tainted? Finding Security Vulnerabilities Using Taint Tracking
EuroPython Conference via YouTube
Overview
Syllabus
Intro
What is taint
What does taint mean
Sources
Injection
Sanitisation
Code Injection
Other security checks
Demonstration
Flow analysis
Tank checking
Taught by
EuroPython Conference
Related Courses
-
Application Security for Developers
-
Riding the Magical Code Injection Rainbow
-
Taking on the King: Killing Injection Vulnerabilities - APPSEC Cali 2018
-
Injecting Security Into Web Apps With Runtime Patching And Context Learning
-
Be Mean to Your Code - Rugged Development & You
-
Springtime for Code Reviews - Ryan Goltry
