We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Is your code tainted?

Formal Metadata

Title
Is your code tainted?
Subtitle
Finding security vulnerabilities using taint-tracking
Title of Series
Number of Parts
132
Author
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
"Taint tracking" is a technique used in code analysis to find security vulnerabilities and other problems. Any data that comes from an untrusted source, for example a HTTP request, is treated as "tainted". If that "tainted" data is able to reach a vulnerable part of your code, then you have a problem. Sophisticated code analysis tools can track this data, and reveal potential security problems. Examples of the sort of problem that can be found include cross-site scripting (XSS), code injection, SQL injection and others. In this talk I will show how taint tracking analysis works in practice, introducing the concepts of source, sink and sanitizer. I will then demonstrate using taint tracking to find a XSS vulnerability in a django app. (We will chose a project that is designed to teach django security, where the vulnerability is deliberate.) I will also explain how thinking in terms of "taint" can help you write safer code, even without access to code analysis. During this talk I will use the code analysis tools on lgtm.com to demonstrate the analysis. lgtm.com is free to use for open-source projects. A paid version is available.