Is your code tainted? Finding security vulnerabilities using taint-tracking.
[EuroPython 2018 - Talk - 2018-07-26 - Kilsyth]
[Edinburgh, UK]
By Mark Shannon
"Taint tracking" is a technique used in code analysis to find security vulnerabilities and other problems.
Any data that comes from an untrusted source, for example an HTTP request, is treated as "tainted".
If that "tainted" data is able to reach a vulnerable part of your code, then you have a problem.
Sophisticated code analysis tools can track this data, and reveal potential security problems.
Examples of the sort of problem that can be found include cross-site scripting (XSS), code injection, SQL injection and others.
In this talk I will show how taint tracking analysis works in practice, introducing the concepts of source, sink and sanitizer.
I will then demonstrate using taint tracking to find an XSS vulnerability in a Django app.
(We will choose a project that is designed to teach Django security, where the vulnerability is deliberate.)
I will also explain how thinking in terms of "taint" can help you write safer code, even without access to code analysis.
During this talk I will use the code analysis tools on lgtm.com to demonstrate the analysis.
lgtm.com is free to use for open-source projects. A paid version is available.
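The source, sink and sanitizer concepts named in the abstract, shown as an added example that is not code from the talk or from lgtm.com: a minimal static taint tracker built on Python's `ast` module that follows data through straight-line function bodies. The source, sink and sanitizer names (`request.GET`/`request.POST`, `HttpResponse`, `escape`) and the sample views are assumptions chosen for illustration.

```python
import ast

SOURCES = {"request.GET", "request.POST"}  # untrusted input (assumed names)
SINKS = {"HttpResponse"}                   # output rendered as HTML (assumed)
SANITIZERS = {"escape"}                    # e.g. django.utils.html.escape
# Constructed sample views, not taken from the talk or its demo project.
SAMPLE = '''
def greet(request):
    name = request.GET.get("name")
    msg = "Hello " + name
    return HttpResponse(msg)

def greet_safe(request):
    name = escape(request.GET.get("name"))
    return HttpResponse("Hello " + name)
'''

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, otherwise None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else None

def is_tainted(node, tainted):
    """An expression is tainted if it reads a source or a tainted variable."""
    if isinstance(node, ast.Call) and dotted(node.func) in SANITIZERS:
        return False  # a sanitizer's result is treated as clean
    if dotted(node) in SOURCES or (isinstance(node, ast.Name) and node.id in tainted):
        return True
    return any(is_tainted(child, tainted) for child in ast.iter_child_nodes(node))

def find_flows(code):
    """Report (function, line, sink) for each tainted value reaching a sink."""
    findings = []
    for func in [n for n in ast.walk(ast.parse(code)) if isinstance(n, ast.FunctionDef)]:
        tainted = set()  # local variables currently holding tainted data
        for stmt in func.body:  # straight-line bodies only: no branches or loops
            for call in ast.walk(stmt):
                if (isinstance(call, ast.Call) and dotted(call.func) in SINKS
                        and any(is_tainted(arg, tainted) for arg in call.args)):
                    findings.append((func.name, call.lineno, dotted(call.func)))
            if isinstance(stmt, ast.Assign):
                dirty = is_tainted(stmt.value, tainted)
                for target in (t for t in stmt.targets if isinstance(t, ast.Name)):
                    (tainted.add if dirty else tainted.discard)(target.id)
    return findings
```

Calling `find_flows(SAMPLE)` flags only `greet`, where the request parameter reaches `HttpResponse` without passing through `escape`; a production analyser additionally handles branches, loops, calls between functions and keyword arguments.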
License: This video is licensed under the CC BY-NC-SA 3.0 license: https://creativecommons.org/licenses/by-nc-sa/3.0/
Please see our speaker release agreement for details: https://ep2018.europython.eu/en/speaker-release-agreement/