python Archives - Include Security Research Blog

Spelunking in Comments and Documentation for Security Footguns

December 2, 2024November 20, 2024 — Alex Leahu

Join us as we explore seemingly safe but deceptively tricky ground in Elixir, Python, and the Golang standard library. We cover officially documented, or at least previously discussed, code functionality that could unexpectedly introduce vulnerabilities. Well-documented behavior is not always what it appears!

Customizing Semgrep Rules for Flask/Django and Other Popular Web Frameworks

July 23, 2021July 22, 2021 — by Ayaz Mammadov & Nick Fox - Technical Review by Kai Z and Grayson Hardaway(r2c)

We customize and use Semgrep a lot during our security assessments at IncludeSec because it helps us quickly locate potential areas of concern within large codebases. Static analysis tools (SAST) such as Semgrep are great for aiding our vulnerability hunting efforts and usually can be tied into Continuous Integration (CI) pipelines to help developers catch … Read more