
Digging for Security Bugs / Vulnerabilities in Python Applications
In the age of DevOps, application security is an increasing concern for organizations, yet attention to application-specific security bugs remains comparatively low. There are extensive online security scanners for testing online threats, but they are not as effective at detecting application-specific security vulnerabilities in Python, Node.js and other languages.
Why Python?
In Python, we can create a prototype in a few minutes, whereas it can take days in other languages. Python’s core language is secure, but the third-party components used to develop an application may not be, so we need a security scanner to check whether any vulnerabilities or bugs are present. It’s mandatory for all Python or Django developers who work with huge databases containing highly sensitive data.
High Risk Python Security Vulnerabilities
Here are the types of security vulnerabilities that Python developers should be concerned with:
SQL Injections (SQLi)
A malicious user controls the execution of the SQL statements that an application sends to its backend database server. There are four sub-classes of SQLi:
- In-band SQL Injection / Classic SQLi
- Inferential / Blind SQL injection
- DBMS-specific SQLi
- Compounded SQLi (e.g. the Storm Worm), which combines SQLi with another attack:
  - SQLi with inadequate authentication
  - SQLi with DDoS attacks
  - SQLi with DNS hijacking
  - SQLi with XSS
Cross Site Scripting (XSS)
In XSS, a malevolent user tricks a web application into serving script code to its unsuspecting users, which can then steal their stored cookies and saved passwords.
Cross Site Request Forgery (CSRF)
This security vulnerability occurs when a compromised website is forced to perform an action, such as clicking a button, on behalf of another logged-in user. It also includes hacking into, or logging into, a website with another person’s login credentials.
LDAP (Lightweight Directory Access Protocol) Injections
This vulnerability occurs when a malicious user inserts or modifies LDAP statements, causing the directory to run queries the application never intended.
Command Injections
Here, a malicious user executes (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/digging-for-security-bugs-vulnerabilities-in-python-applications/