Poison Packages in Python
Don Goodman-Wilson
Speeling is hard, yeah? Python quiz: What’s the difference between these two packages? urllib3 urlib3 Answer: urllib3, with two l’s is the one you meant to use. urlib3 with one…
Browsing Category
Python
18 posts
Stop using pycrypto. Use pycryptodome instead
Paul
As we are still seeing a lot of applications depending on the Python Cryptography Toolkit (aka pycrypto) to manage their cryptography, this is a quick reminder to stop using it. The vulnerability…
Interview: Claudiu Popa – Using Pylint for Python Static Analysis
We are excited to be launching a new series of interviews. The idea is to interview developers and security specialists that make the ecosystem a better place. Today, I’m sitting…
Behind the Scenes: Building a Dynamic Instrumentation Agent for Python
Boris
TL;DR Building a Python Dynamic Instrumentation Agent is no easy task. At Sqreen we’re building an agent based on dynamic instrumentation in order to detect and block security issues inside…
Pyramid Security: announcing our Pyramid framework support for Python
We are pleased to announce the support of Pyramid in the Sqreen Python agent version 1.0.1. (An annoying last minute regression forced us to release a v1.0.1…) It comes with…
Announcing Node.JS + Python support and a new interface
What is Sqreen? Sqreen is an automated and continuous security solution for developers. It protects web applications with no source code modification or traffic redirection. Once deployed, the solution provides…
Embedding JavaScript into Python
Jb
TL; DR: v8.py PyMiniRacer brings a compiled V8 interpreter and a simple interface to the Python community: Our needs Sqreen needs a stable, performant and embeddable JavaScript solution for Python.…
Freeze your Python with str.encode and threads
While working on the sqreen.com Python agent, I discovered a rather nasty, but fun to analyse bug that lead me deep into Python internals. The nasty bug I was working…