python-security
Safeguard articles tagged "python-security" — guides, analysis, and best practices for software supply chain and application security.
71 articles
Python security best practices cheat sheet
A no-fluff cheat sheet of concrete Python security fixes—dependency pinning, pickle/eval risks, PyPI trust signals, and CI gates—with real CVEs and commands.
How to secure Python Flask applications
Flask ships without built-in CSRF, headers, or session hardening. Here's how real CVEs like debug-mode RCE and cookie forgery get exploited—and stopped.
Securing Django applications from common vulnerabilities
Django's secure-by-default reputation hides real gaps: SQL injection via Trunc()/Extract(), ReDoS in Truncator, and misconfigured DEBUG settings still cause incidents.
The ultimate guide to creating a secure Python package
A concrete, numbers-first guide to locking dependencies, signing releases, and scanning for CVEs when building a secure Python package.
Using Python libraries for secure network communication
A look at requests, urllib3, cryptography, and paramiko: real CVEs (Terrapin, header leaks), insecure defaults, and how to pin them safely.
PyPI Malware in 2026: What Changed
PyPI malware today looks less like typosquats and more like AI-assisted campaigns that mimic legitimate maintainers — here's what shifted and how teams are catching it before install.
Python Security Explained
How Python's install-time code execution and open PyPI namespace fuel real supply chain attacks — and what actually reduces the risk.
What is PyPI Security
PyPI security stops typosquats, dependency confusion, and poisoned CI builds before pip install ever runs your code.
PyPI typosquatting and malicious Python packages targetin...
PyPI typosquatting lets attackers slip malicious Python packages into your build with one typo. Real attacks, why PyPI is exposed, and how to stay safe.
FastAPI and Pydantic dependency injection security pitfalls
FastAPI's Depends() and Pydantic's type validation look airtight but hide real bypass patterns — caching bugs, extra="allow" mass assignment, and leaked test overrides.
PyPI malware campaigns targeting machine learning and dat...
PyPI malware ML packages have hit PyTorch and Ultralytics YOLO via dependency confusion and CI/CD compromise. What happened, and how to defend your ML supply chain.
urllib3 CA certificate verification bypass (CVE-2019-11324)
CVE-2019-11324 let urllib3 silently trust unintended CAs during custom certificate validation, undermining pinned-trust and mTLS setups.