Assert

If you’ve spent any time doing automated testing in Python you’re probably familiar with the python assert statement. Assert is incredibly handy in the context of testing. It gives you the ability to test the truthiness of a condition. If the condition is false, an AssertionError is raised. This AssertionError is then caught by the testing framework and they are returned to the user as failures.

Since these statements work so well in testing, given their simple invocation and readability, you might be tempted to use them in your production python code. This would be a big mistake.

Assert should…

Let’s start with an analogy

In today’s world, building applications is a lot like building a house. If you’re building a house, you start by going to a store and purchasing materials that serve as the foundation of your house. For simplicity, let’s take windows, doors, and countertops as an example. After you purchase these materials and begin construction, you’ll consider things like:

• Will the door open to the left or right?
• Will the window face north or south?
• Will the countertop go in the center of the kitchen or against the wall?

In other words, you (the builder), are…

If you’re a heavy python user you’ve probably come across the pickle module from the standard library at some point. You may have even heard that this library is dangerous. This post will take a look at how pickle works (at a high level), what the risks are, and risk prevention strategies.

What is Pickle?

What is DoS?

I’ve covered this in a few earlier posts, but DoS stands for Denial-of-Service. Denial-of-Service is a type of cyber attack technique where the attacker attempts to disrupt the availability of a service, application, or company. DoS attacks generally exist in one of two broad categories, Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS). Both have the same general intent in mind, but they take very different forms. Within the DoS there are a Network based attacks and Application based attacks.

Application layer attacks, also sometime called Layer 7 attacks, involve putting operational strain on the software serving the requests in such a…

The Setup

Imagine this, you’re a developer at Super corp. You’re working on a new web application and you’re planning on building it using Flask. Like many Macbook Pros, your laptop has some keyboard issues. No biggie. Typing like the wind, you try to install flask using pip. However, instead of typing pip install flask you end up with pip install flaskk.

The install completes in just a second, but you notice the typo. You uninstall flaskk and give the install a second try with the appropriate number of k’s. …

I’ve always been fascinated by how other Cybersecurity professionals ended up in their roles. For some it was a childhood dream to be a hacker (or catch hackers) after watching an old school hacker movie, others fell into roles organically after a career in enterprise IT, and if we’re being honest, some are in it for the money. With record shortages in skilled security personnel, the field is growing with more and more diverse people with different backgrounds.

I’ve always enjoyed my own origin story (though I may be biased), partially because it was so unexpected. Here it is.

Notice…

First, what is cloud sprawl?

Cloud sprawl is the lack of controls against the expansion of an organization’s cloud instances, services or providers.

What are the dangers?

While instances and services are managed differently than providers, the lack of effective controls on any of these is a cause of concern for organizations.

A lack of visibility and control around the volume and types of instances and services offered by a Cloud Service Provider (CSP) is dangerous from a cost perspective as any unnecessary or untracked usage that is not contained can pose a serious financial burden. …

If you’ve done much Python development you’re probably familiar with importing dependencies using pip, or even easy_install, if you’ve been at this for awhile. Whether you were aware of it or not, these dependencies likely came from the public Python Package Index (PyPI) or perhaps an internal mirror of the PyPi repository that is hosted by your company.

What you may not have been aware of is how these dependencies are actually packaged, delivered, and installed, and the differences between the different distribution types available for Python.

The Primary Distribution Types

There are two primary distribution types in use today, Built Distributions and Source…