Talk Python To Me

#485: Secure coding for Python with SheHacksPurple

Nov 15, 2024

Tonya Janca, also known as SheHacksPurple, is an application security expert passionate about securing software. In this discussion, she shares valuable insights on threat modeling and secure coding practices in Python. Tonya emphasizes the need for early security integration and collaboration in development teams. She highlights the challenges faced by new developers and real-life vulnerabilities like SQL injections. The conversation encourages adopting updated technologies and best practices to build a strong security culture within programming teams.

01:09:28

Creator website

Episode guests

Tonya Janca

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Implementing threat modeling during the design phase significantly mitigates vulnerabilities by identifying potential security threats early in development.

Rigorously validating user input with allow lists at every data handling stage is crucial to prevent vulnerabilities like SQL injection and cross-site scripting.

Using Object-Relational Mapping (ORM) tools enhances application security by abstracting database interactions and safeguarding against SQL injection attacks.

Deep dives

Understanding Threat Modeling

Threat modeling is a critical process that involves brainstorming potential security threats to an application and identifying ways to mitigate them. During a session, a security expert works alongside developers and product owners to discuss what could go wrong in the system architecture. By drawing out the application components and their interactions, the team can evaluate risks such as inadequate authentication or improper data handling. This proactive approach to security during the design phase can significantly reduce vulnerabilities at minimal cost.

Intro

2min

Navigating Secure Coding in Python

13min

Building Security Culture in Development Teams

5min

Navigating Security in Software Development

14min

Insights into New Python Developers and Programming Trends

2min

Secure Coding Essentials

17min

Secure Software Development Practices

13min

Enhancing Security in Python Development

2min

Enhancing Security in Python Frameworks

2min

What do developers need to know about AppSec and building secure software? We have Tanya Janca (AKA SheHacksPurple) on the show to tell us all about it. We talk about what developers should expect from threat modeling events as well as concrete tips for security your apps and services.

Episode sponsors

Posit
Bluehost
Talk Python Courses

Links from the show

Tanya on X: @shehackspurple
She Hacks Purple website: shehackspurple.ca
White House recommends memory safe languages: whitehouse.gov
Python Developer Survey Results: jetbrains.com
Bandit: github.com
Semgrep Academy: academy.semgrep.dev
Watch this episode on YouTube: youtube.com
Episode transcripts: talkpython.fm

--- Stay in touch with us ---
Subscribe to Talk Python on YouTube: youtube.com
Talk Python on Bluesky: @talkpython.fm at bsky.app
Talk Python on Mastodon: talkpython
Michael on Bluesky: @mkennedy.codes at bsky.app
Michael on Mastodon: mkennedy

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Talk Python To Me

#485: Secure coding for Python with SheHacksPurple

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding Threat Modeling

The Importance of Validating User Input

Enhancing Application Security with ORM

Database Security Best Practices

Continuous Learning and Staying Informed

Links from the show

Remember Everything You Learn from Podcasts