Before we get into how to protect Python applications from dependency confusion attacks, we’ll define this new attack vector, give a bit of background, and look at examples.

Dependency Confusion is a new intrusion technique that exploits the way many programming languages handle dependency resolution when projects utilize a mix…

Keep your code safe by avoiding these 6 pitfalls

If you’ve spent any time doing automated testing in Python you’re probably familiar with the Python assert statement. Assert is incredibly handy in the context of testing. It gives you the ability to test the truthiness of a condition. If the condition is false, an AssertionError is raised. …

What is a “ReDoS” Attack, and how can you make sure your code is safe?

What is DoS?

I’ve covered this in a few earlier posts, but DoS stands for Denial-of-Service. Denial-of-Service is a type of cyber attack technique where the attacker attempts to disrupt the availability of a service, application, or company. DoS attacks generally exist in one of two broad categories, Denial-of-Service (DoS) and Distributed Denial-of-Service…

Why Typosquatting is a Threat to Python Developers and their Companies

Imagine this: you’re a developer at Super corp. You’re working on a new web application and you’re planning on building it using Flask. Like many MacBook Pros, your laptop has some keyboard issues. No biggie. Typing like the wind, you try to install flask using pip. …

Why does cloud sprawl happen and how can we control it?

First, what is cloud sprawl?

Cloud sprawl is the lack of controls against the expansion of an organization’s cloud instances, services or providers.

While instances and services are managed differently than providers, the lack of effective controls on any of these is a cause for concern for organizations.

A lack…

Andrew Scott

Maintainer @OchronaSec | PANW, ex Expanse, ex Tenable | Security & Automation | All views are my own... and awesome