Posts

Showing posts from March, 2018

pyt (python secure code scanner) wrapper

Quick and dirty wrapper, since pyt does not appear to support scanning a whole directory at first look: https://gist.github.com/yehgdotnet/074ab79528ccdac7653bb641beb3b7c5

```bat
:: https://github.com/python-security/pyt - python secure code scanner
@echo off
IF %1.==. GOTO No1
IF %2.==. GOTO Missing_Argument
set dir=%1
set type=%2
:: List every file under the directory and keep only names ending in .py
:: (a plain `find ".py"` would also match .pyc/.pyo and any path containing ".py").
dir /s /b %dir% | findstr /I /E "\.py" > source_listing.txt
:: Run pyt once per source file with the chosen framework adapter.
for /F "tokens=*" %%A in (source_listing.txt) do echo. && echo Scanning %%A && pyt -a %type% -f "%%A"
GOTO End1
:No1
GOTO Missing_Argument
:Missing_Argument
@echo.
echo Usage: scan.bat source_directory type(Flask, Django,Every or Pylons)
@echo.
echo e.g.
echo scan "example\django.nV" Django
GOTO End1
:End1
```
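The same directory walk done in Python, added here as an example that is not part of the gist or of pyt itself. It assumes pyt is on PATH and takes the `-a type -f file` arguments the batch script uses, and it matches only files whose extension is exactly .py, so bytecode files and paths that merely contain ".py" are not fed to the scanner; the `runner` parameter is an assumption introduced so the wrapper can be exercised without pyt installed.

```python
import os
import subprocess
import sys

# Adapter names listed in the batch script's usage message.
PYT_TYPES = ("Flask", "Django", "Every", "Pylons")


def find_python_sources(root):
    """Return every *.py file under root (recursively), sorted.

    Only an exact .py extension matches, so .pyc/.pyo bytecode and
    paths that merely contain the substring ".py" are skipped.
    """
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() == ".py":
                found.append(os.path.join(dirpath, name))
    return sorted(found)


def build_pyt_command(source_file, project_type):
    """Build the argv list for one pyt invocation: pyt -a TYPE -f FILE."""
    if project_type not in PYT_TYPES:
        raise ValueError("type must be one of %s" % ", ".join(PYT_TYPES))
    return ["pyt", "-a", project_type, "-f", source_file]


def scan_directory(root, project_type, runner=subprocess.run):
    """Run pyt once per source file and return {file: exit code}.

    `runner` (hypothetical injection point) defaults to subprocess.run;
    a fake can be passed in to test the wrapper without pyt installed.
    """
    results = {}
    for path in find_python_sources(root):
        print("\nScanning %s" % path)
        completed = runner(build_pyt_command(path, project_type))
        results[path] = completed.returncode
    return results


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("Usage: scan.py source_directory type(Flask, Django, Every or Pylons)")
    scan_directory(sys.argv[1], sys.argv[2])
```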

GitBook Released: Secure Code - PHP

https://yehgdotnet.gitbooks.io/secure-php-codes/content/

This GitBook serves as a ready-to-use, one-place reference for PHP secure code samples that have been implemented in various sources, frameworks and articles on the web. Copyright and licensing belong to the respective owners. If you would like to use them in your commercial products, check the source and its licensing terms for compliance.

These code samples may not be straightforward to copy and paste; they may require you to include the associated functions from header files. Detailed explanations of each attack can be found on the OWASP and CWE sites, so this book features only actionable secure code (in the real world of rushed deadlines in DevOps, developers rarely have time to deep-dive into security). In future, secure code for other languages will be added. Stay tuned.

Despite the word "secure", these functions may still be bypassed or abused.

Happy secure coding,