From the course: Secure Coding in Python
Join today to access over 25,600 courses taught by industry experts.
Don't get yourself into a Pickle - Python Tutorial
From the course: Secure Coding in Python
Don't get yourself into a Pickle
It's time to talk about OWASP Top 10 number eight, which is software and data integrity. Now, number eight used to be strictly insecure deserialization, but it's been broadened to include things like downloading without checking integrity of code. Specifically, we're going to look at insecure deserialization, which is part of software and data integrity failures, because Python has a certain vulnerability that needs to be addressed. This vulnerability has to do with the pickle module. The pickle module is used to serialize and deserialize Python objects. Many people will refer to it as Python's JSON, but I think making that comparison overlooks a very risky feature that pickle has. If we head over to Python's pickle documentation, we'll see this big red box, warning us not to use pickle with untrusted data. That is because pickle is susceptible to arbitrary code execution while unpickling. Let me show you exactly what this means for our software. So for this demonstration, we're…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.