Description
Use an automated tool to automatically identify security weaknesses in source code
Targeted Courses
Software Quality Assurance
Activities
Pre-lab Content Dissemination
In this pre-lab activity we will understand what security weaknesses are, and how they can be identified using a static analysis tool called Bandit.
A security weakness is also referred to as a security vulnerability. It is a coding pattern that violates the property of confidentiality, integrity, or availability. A security vulnerability is a kind of software bug.
Security weaknesses can be identified in two ways: manual inspection by an expert, and automated tools. Today, we will use an automated tool called Bandit. Many other static analysis tools exist, as listed on the OWASP web page.
In-class Hands-on Experience
Install Bandit by following the instructions to install Bandit.
Check the installation by running bandit -h in the terminal. Then run bandit workshop1.py.
Assignment 1 (Post Lab Experience)
Run Bandit against all Python files in the workshop1.zip file
Extract workshop1.zip
Run Bandit by specifying the extracted directory. You will need the -a, -f, -r, and -o flags.
Observe the security weaknesses.
Report the names of the three most frequent security weaknesses detected by Bandit in a document.
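One way to complete the reporting step, as an added example that is not part of the lab materials: parse the JSON report that Bandit writes when run with -f json and -o, and rank the detected weaknesses by how often each check fired. The report text below is constructed to mirror the shape of Bandit's JSON output (its "results" list); the file names, line numbers and finding counts are made up for illustration.

```python
import json
from collections import Counter

# Constructed sample shaped like a report written by
#   bandit -r <extracted_dir> -f json -o report.json
# Real reports also carry "errors", "generated_at" and "metrics"; only
# "results" is needed to rank the detected weaknesses.
SAMPLE_REPORT = """{
  "results": [
    {"filename": "workshop1/a.py", "line_number": 4,  "test_id": "B602", "test_name": "subprocess_popen_with_shell_equals_true", "issue_severity": "HIGH", "issue_confidence": "HIGH", "issue_text": "subprocess call with shell=True identified, security issue."},
    {"filename": "workshop1/a.py", "line_number": 9,  "test_id": "B105", "test_name": "hardcoded_password_string", "issue_severity": "LOW", "issue_confidence": "MEDIUM", "issue_text": "Possible hardcoded password: 'changeme'"},
    {"filename": "workshop1/b.py", "line_number": 12, "test_id": "B602", "test_name": "subprocess_popen_with_shell_equals_true", "issue_severity": "HIGH", "issue_confidence": "HIGH", "issue_text": "subprocess call with shell=True identified, security issue."},
    {"filename": "workshop1/b.py", "line_number": 20, "test_id": "B101", "test_name": "assert_used", "issue_severity": "LOW", "issue_confidence": "HIGH", "issue_text": "Use of assert detected."},
    {"filename": "workshop1/c.py", "line_number": 2,  "test_id": "B105", "test_name": "hardcoded_password_string", "issue_severity": "LOW", "issue_confidence": "MEDIUM", "issue_text": "Possible hardcoded password: 'secret'"},
    {"filename": "workshop1/c.py", "line_number": 15, "test_id": "B602", "test_name": "subprocess_popen_with_shell_equals_true", "issue_severity": "HIGH", "issue_confidence": "HIGH", "issue_text": "subprocess call with shell=True identified, security issue."}
  ]
}"""


def load_results(report_text):
    """Return the list of findings ("results") from a Bandit JSON report."""
    return json.loads(report_text).get("results", [])


def most_frequent_weaknesses(results, n=3):
    """Rank weaknesses by how often each Bandit check fired.

    Returns [((test_id, test_name), count), ...], most frequent first,
    which is what the post-lab report asks for.
    """
    counts = Counter((r["test_id"], r["test_name"]) for r in results)
    return counts.most_common(n)


def severity_breakdown(results):
    """Count findings per severity so HIGH issues are not buried under LOW ones."""
    return dict(Counter(r["issue_severity"] for r in results))


def summarize_report_file(path, n=3):
    """Read the file written via -o and rank the weaknesses it contains."""
    with open(path, encoding="utf-8") as fh:
        return most_frequent_weaknesses(load_results(fh.read()), n)


if __name__ == "__main__":
    findings = load_results(SAMPLE_REPORT)
    for (test_id, name), count in most_frequent_weaknesses(findings):
        print(f"{test_id} {name}: {count}")
    print(severity_breakdown(findings))
```

Point summarize_report_file at the report produced for the extracted workshop1 directory to get the ranking for the real files.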