Safeguard
Tag

python-security

Safeguard articles tagged "python-security" — guides, analysis, and best practices for software supply chain and application security.

71 articles

Application Security

Python security best practices cheat sheet

A no-fluff cheat sheet of concrete Python security fixes—dependency pinning, pickle/eval risks, PyPI trust signals, and CI gates—with real CVEs and commands.

May 28, 20261 min read
Application Security

How to secure Python Flask applications

Flask ships without built-in CSRF, headers, or session hardening. Here's how real CVEs like debug-mode RCE and cookie forgery get exploited—and stopped.

May 25, 20266 min read
Application Security

Securing Django applications from common vulnerabilities

Django's secure-by-default reputation hides real gaps: SQL injection via Trunc()/Extract(), ReDoS in Truncator, and misconfigured DEBUG settings still cause incidents.

May 25, 20266 min read
Application Security

The ultimate guide to creating a secure Python package

A concrete, numbers-first guide to locking dependencies, signing releases, and scanning for CVEs when building a secure Python package.

May 22, 20266 min read
Application Security

Using Python libraries for secure network communication

A look at requests, urllib3, cryptography, and paramiko: real CVEs (Terrapin, header leaks), insecure defaults, and how to pin them safely.

May 21, 20266 min read
Supply Chain

PyPI Malware in 2026: What Changed

PyPI malware today looks less like typosquats and more like AI-assisted campaigns that mimic legitimate maintainers — here's what shifted and how teams are catching it before install.

Mar 11, 20265 min read
Industry Analysis

Python Security Explained

How Python's install-time code execution and open PyPI namespace fuel real supply chain attacks — and what actually reduces the risk.

Feb 24, 20267 min read
Open Source Security

What is PyPI Security

PyPI security stops typosquats, dependency confusion, and poisoned CI builds before pip install ever runs your code.

Feb 8, 20267 min read
Open Source Security

PyPI typosquatting and malicious Python packages targetin...

PyPI typosquatting lets attackers slip malicious Python packages into your build with one typo. Real attacks, why PyPI is exposed, and how to stay safe.

Jan 28, 20267 min read
Regulatory Compliance

FastAPI and Pydantic dependency injection security pitfalls

FastAPI's Depends() and Pydantic's type validation look airtight but hide real bypass patterns — caching bugs, extra="allow" mass assignment, and leaked test overrides.

Jan 26, 20267 min read
Open Source Security

PyPI malware campaigns targeting machine learning and dat...

PyPI malware ML packages have hit PyTorch and Ultralytics YOLO via dependency confusion and CI/CD compromise. What happened, and how to defend your ML supply chain.

Jan 25, 20269 min read
Vulnerability Analysis

urllib3 CA certificate verification bypass (CVE-2019-11324)

CVE-2019-11324 let urllib3 silently trust unintended CAs during custom certificate validation, undermining pinned-trust and mTLS setups.

Dec 31, 20257 min read
python-security (Page 2) — Safeguard Blog