Security
21 posts
Bandit's Hardcoded Password Detection: Rules B105-B107 in Practice
Learn how Bandit detects hardcoded passwords in Python code with rules B105, B106, and B107. Includes real examples and secure alternatives.
Bandit Security Rules: Complete Python Vulnerability Guide
Master Python security with this comprehensive guide to Bandit's security rules. Learn what each rule detects and how to fix common vulnerabilities.
Building Your Digital Vault: Secure Document Organization Made Simple
A step-by-step guide to creating a secure, organized digital vault for your important documents: a core family office practice that anyone can implement.
Silos to Shared Libraries: Guide to Inner Source Adoption
Guide for transitioning from team-specific code to shared libraries, covering governance models, security, and standardized development practices.
Secure Coding Practices for Python Library Developers
Beyond tools, what principles guide secure Python library development? Explore essential practices: input validation, least privilege, error handling, and more.
Handling Sensitive Data Securely Within Your Python Library
Handle sensitive data in Python libraries securely. Learn best practices for managing API keys, passwords, PII, and other secrets without exposing them in code.
Dependency Security: Managing Vulnerabilities with pip-audit
Your library relies on packages. Learn how to use pip-audit to scan your dependencies for known security vulnerabilities and keep your users safe.
Bandit Security Rules: Finding Common Python Security Issues
Learn how to use Ruff's Bandit integration to automatically scan your Python code for common security pitfalls through static analysis.
Avoiding Common Pitfalls: Injection Flaws in Python Libraries
Injection flaws aren't just for web apps. See how SQL & command injection affect Python libraries via input handling, and learn crucial prevention techniques.
Investment Review: Jericho Security
Review of my angel investment in Jericho Security, focusing on their AI-powered security training and its alignment with my enterprise cybersecurity thesis.