13 Never trust input

This chapter covers

  • Validating Python dependencies with Pipenv
  • Parsing YAML safely with PyYAML
  • Parsing XML safely with defusedxml
  • Preventing DoS attacks, Host header attacks, open redirects, and SQL injection

In this chapter, Mallory wreaks havoc on Alice, Bob, and Charlie with a half dozen attacks. These attacks, and their countermeasures, are not as complicated as the attacks I cover later. Each attack in this chapter follows a pattern: Mallory abuses a system or user with malicious input. That input arrives in many different forms: package dependencies, YAML, XML, HTTP, and SQL. The goals of these attacks include data corruption, privilege escalation, and unauthorized data access. Input validation is the ...
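Two of the attacks listed above, open redirects and SQL injection, as an added example that is not code from the book: an open-redirect check built on `urllib.parse.urlsplit`, and a vulnerable SQLite lookup next to its parameterized fix. The `users` table, its rows, the `ALLOWED_HOSTS` set and the `' OR '1'='1` payload are constructed for the example; the redirect checks follow the ones Django's `django.utils.http.url_has_allowed_host_and_scheme` performs, but the code here is standalone and uses only the standard library.

```python
import sqlite3
from urllib.parse import urlsplit

# Hosts this application may redirect to. Constructed for this example; a
# real application would take the set from its configuration.
ALLOWED_HOSTS = {"example.com"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` stays on an allowed host over http(s).

    Rejects the usual open-redirect tricks: absolute URLs to other hosts,
    scheme-relative "//evil.com", the backslash and triple-slash variants
    that browsers normalize into an authority, and non-http schemes such
    as javascript:. Relative targets must be rooted at "/".
    """
    if not target:
        return False
    # Browsers treat "\" as "/", so "/\evil.com" is really "//evil.com".
    target = target.replace("\\", "/")
    # Browsers collapse a run of leading slashes into an authority, so
    # "///evil.com" resolves to http://evil.com/ although urlsplit sees no netloc.
    if target.startswith("///"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # "http:///evil.com" and "javascript:alert(1)": a scheme with no host is
    # either collapsed into an authority by the browser or is not http at all.
    if parts.scheme and not parts.netloc:
        return False
    if parts.scheme not in ("", "http", "https"):
        return False
    if parts.netloc:
        # hostname strips userinfo and port and lower-cases, so
        # "http://user@EVIL.com:80" is judged on "evil.com".
        return parts.hostname in allowed_hosts
    return parts.path.startswith("/")


def make_db():
    """In-memory SQLite database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_unsafe(conn, username):
    """VULNERABLE: the username is spliced into the SQL text, so a quote in
    the input changes the structure of the query instead of being data."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Parameterized query: the driver passes the value separately from the
    statement, so the input can only be compared, never parsed as SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    payload = "' OR '1'='1"
    conn = make_db()
    print(lookup_unsafe(conn, payload))  # every row leaks
    print(lookup_safe(conn, payload))    # [] because no user has that literal name
    for t in ("/account", "//evil.com", "/\\evil.com", "///evil.com",
              "https://example.com/home", "javascript:alert(1)"):
        print(t, is_safe_redirect(t))
```

The redirect check deliberately refuses targets that do not start with `/` (such as `account`) so that a relative redirect can never be reinterpreted against a different base; allow-listing by `hostname` rather than `netloc` is what defeats the `user@evil.com` and mixed-case tricks. For SQL the rule is simply that input is never part of the statement text: with a placeholder, the payload above matches nothing, while the f-string version turns it into `WHERE username = '' OR '1'='1'` and returns the whole table.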