Python support added to Threat Stack's Application Security Monitoring tool

The utility can identify insecure code in production from third-party packages as well as original code.

How Python became the fastest growing programming language in the world Chief Reporter Nick Heath provides an overview of his Python cover story, which charts how the programming language was curated, its early days, and what the future holds for Python.

Threat Stack announced Python support for its Application Security Monitoring product, providing runtime security monitoring for applications. Given the popularity of using third-party libraries in programs, the potential for malicious or insecure code to be exploited on production systems is decently high. Likewise, programming errors made in custom code by programmers on your own team could open the door to exploitation.

Threat Stack's offering is intended to surface vulnerabilities in both scenarios, with an e-learning component for "helping developers learn secure coding practices," as well as identifying and blocking attacks, including cross-site scripting (XSS) and SQL injections, in real time. The company touts the ability of their product to "[put] the application in context with the rest of the stack, allowing users to navigate in a single click from application to the container or host where it is deployed for deeper forensics," in the event an attack is detected, as a key differentiator from other products.

SEE: Getting started with Python: A list of free resources (TechRepublic)

While Python's package library has not been subject to the tumult of NPM, the preeminent package manager for Node.js, there have been noticeable problems over the past year, with three packages identified that contained a backdoor that activates when installed on Linux systems. One year ago, when 12 packages were identified in PyPI with malicious code, this attack relied on typosquatting -- using names such as diango, djago, dajngo, and djanga in place of Django, a popular framework -- to dupe unsuspecting programmers into importing the wrong package.

Given these security issues, and the burgeoning popularity of Python, the need for this type of solution is clear.

For more on Python, check out "Migrating from Python 2 to Python 3: A guide to preparing for the 2020 deadline" and "Python programming language: A cheat sheet" at TechRepublic.

Also see

5.jpg

Image: iStockphoto/DenisKot