When you are developing any application, you need to take the proper precautions regarding security issues that might occur when you deploy your application to production.
If all the security issues in your application are not addressed properly, anyone can hack your application and tamper with the data. Before moving an application to production, you should perform a security testing of the application to ensure that all security-related aspects are properly handled within our application.
Bandit is a Python tool for security testing. It will help you to find the common security issues in your application.
First install this by running the following command:
pip install bandit
Now, you can run the following command to the Bandit tool to perform the security testing:
bandit -r /path/to/code.py
For example, we would use the
requests module to hit Educative and run the security testing for that code.
Let’s take a look at the code now:
import requests data = requests.get("https://www.educative.io/") print(data.status_code)
Now, let’s disable the SSL verification while hitting the Educative website. Take a look at the code below.
import requests data = requests.get("https://www.educative.io/", verify = False) print(data.status_code)
verify = Falseand disabled the SSL verification.
This was just a small example, but it will become very helpful when you run security testing on a full-fledged application.
View all Courses