Python Jinja2: always autoescape to avoid XSS attacks
Not using autoescape in Jinja2 makes you vulnerable to XSS attacks. Always use autoescape=True in your Jinja2 environment.
Unsafe deserialization can enable an attack and compromise your system. You need to check your Python code to make sure you avoid it.
The Python SSL module gives a false sense of security and must be used carefully.
The subprocess Python module may introduce OS command injection vulnerabilities, which is a serious security concern. Do not use shell=True, or mitigate the issue by validating the function input.
Using eval() in Python introduces security issues in your Python code. We present how to avoid and fix unsafe and insecure uses of eval().
Not using a timeout with the requests library may have performance consequences for your program. Learn how to avoid them.
The Codiga Team is rethinking how static code analysis is done today and planning to deliver a new static code analyzer in the coming months.
Static Application Security Testing (or SAST) tools find security vulnerabilities in your source code at different stages of the Software Development Lifecycle. We explain how SAST helps you build secure and robust applications and when to use it.