Talk Python To Me

#485: Secure coding for Python with SheHacksPurple

Nov 15, 2024

Tonya Janca, also known as SheHacksPurple, is an application security expert passionate about securing software. In this discussion, she shares valuable insights on threat modeling and secure coding practices in Python. Tonya emphasizes the need for early security integration and collaboration in development teams. She highlights the challenges faced by new developers and real-life vulnerabilities like SQL injections. The conversation encourages adopting updated technologies and best practices to build a strong security culture within programming teams.

01:09:28

Creator website

Episode guests

Tonya Janca

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Implementing threat modeling during the design phase significantly mitigates vulnerabilities by identifying potential security threats early in development.

Rigorously validating user input with allow lists at every data handling stage is crucial to prevent vulnerabilities like SQL injection and cross-site scripting.

Using Object-Relational Mapping (ORM) tools enhances application security by abstracting database interactions and safeguarding against SQL injection attacks.

Deep dives

Understanding Threat Modeling

Threat modeling is a critical process that involves brainstorming potential security threats to an application and identifying ways to mitigate them. During a session, a security expert works alongside developers and product owners to discuss what could go wrong in the system architecture. By drawing out the application components and their interactions, the team can evaluate risks such as inadequate authentication or improper data handling. This proactive approach to security during the design phase can significantly reduce vulnerabilities at minimal cost.

Intro

2min

Navigating Secure Coding in Python

13min

Building Security Culture in Development Teams

5min

Navigating Security in Software Development

14min

Insights into New Python Developers and Programming Trends

2min

Secure Coding Essentials

17min

Secure Software Development Practices

13min

Enhancing Security in Python Development

2min

Enhancing Security in Python Frameworks

2min

What do developers need to know about AppSec and building secure software? We have Tanya Janca (AKA SheHacksPurple) on the show to tell us all about it. We talk about what developers should expect from threat modeling events as well as concrete tips for security your apps and services.

Episode sponsors

Posit
Bluehost
Talk Python Courses

Links from the show

Tanya on X: @shehackspurple
She Hacks Purple website: shehackspurple.ca
White House recommends memory safe languages: whitehouse.gov
Python Developer Survey Results: jetbrains.com
Bandit: github.com
Semgrep Academy: academy.semgrep.dev
Watch this episode on YouTube: youtube.com
Episode transcripts: talkpython.fm

--- Stay in touch with us ---
Subscribe to Talk Python on YouTube: youtube.com
Talk Python on Bluesky: @talkpython.fm at bsky.app
Talk Python on Mastodon: talkpython
Michael on Bluesky: @mkennedy.codes at bsky.app
Michael on Mastodon: mkennedy

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Talk Python To Me

#485: Secure coding for Python with SheHacksPurple

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding Threat Modeling

The Importance of Validating User Input

Enhancing Application Security with ORM

Database Security Best Practices

Continuous Learning and Staying Informed

Links from the show

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Talk Python To Me

#485: Secure coding for Python with SheHacksPurple

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding Threat Modeling

The Importance of Validating User Input

Enhancing Application Security with ORM

Database Security Best Practices

Continuous Learning and Staying Informed

Links from the show

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights