Python support added to Threat Stack’s Application Security Monitoring tool
The utility can identify insecure code in production from third-party packages as well as original code.
Threat Stack announced Python support for its Application Security Monitoring product, which provides runtime security monitoring for applications. Given how widely third-party libraries are used in programs, the potential for malicious or insecure code in those libraries to be exploited on production systems is considerable. Likewise, programming errors made in custom code by programmers on your own team could open the door to exploitation.
Threat Stack’s offering is intended to surface vulnerabilities in both scenarios, with an e-learning component for “helping developers learn secure coding practices,” as well as identifying and blocking attacks, including cross-site scripting (XSS) and SQL injections, in real time. The company touts the ability of their product to “[put] the application in context with the rest of the stack, allowing users to navigate in a single click from application to the container or host where it is deployed for deeper forensics,” in the event an attack is detected, as a key differentiator from other products.
While Python’s package library has not been subject to the tumult of NPM, the preeminent package manager for Node.js, there have been noticeable problems over the past year, with three packages identified that contained a backdoor that activates when installed on Linux systems. One year ago, when 12 packages were identified in PyPI with malicious code, this attack relied on typosquatting — using names such as diango, djago, dajngo, and djanga in…
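The typosquatting pattern described above (lookalike names such as diango, djago, dajngo and djanga standing in for django) can be screened for before a dependency is ever installed. The following is an added example, not Threat Stack's code or anything from the article: it normalizes requested package names the way PyPI does (PEP 503), then flags any name within one edit or one adjacent-character swap of a curated allowlist of packages the team actually depends on. The allowlist and the requirements file are constructed for the demonstration.

```python
"""Flag requirements entries that look like typosquats of known package names.

Added example, not Threat Stack's code. KNOWN_PACKAGES and SAMPLE_REQUIREMENTS
are constructed for this demonstration; a real deployment would load the
allowlist from the project's lock file or an internal registry.
"""
import re

# Constructed allowlist: packages this (hypothetical) project legitimately uses.
KNOWN_PACKAGES = {"django", "requests", "numpy", "flask", "urllib3"}

# Constructed requirements.txt containing two lookalikes of "django".
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt for the demonstration
django==3.0.5
diango
requests>=2.0
dajngo ; python_version < "3.8"
numpy
"""


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold and collapse runs of '-', '_', '.'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap
    two adjacent characters, each costing 1. Unlike plain Levenshtein this
    counts 'dajngo' -> 'django' as a single edit."""
    n, m = len(a), len(b)
    d = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        d[i][0] = i
    for j in range(m + 1):
        d[0][j] = j
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[n][m]


def find_lookalikes(name: str, known=KNOWN_PACKAGES, max_distance: int = 1) -> list:
    """Known package names within max_distance of `name`, excluding an exact match.
    An exact match means the requested name is itself on the allowlist."""
    norm = normalize(name)
    return sorted(k for k in known if k != norm and osa_distance(norm, k) <= max_distance)


def audit_requirements(text: str) -> dict:
    """Map each suspicious requirement name to the allowlisted names it resembles."""
    findings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        # The project name ends at the first whitespace, version operator,
        # extras bracket, or environment-marker separator.
        name = re.split(r"[\s<>=!~;\[]", line, maxsplit=1)[0]
        hits = find_lookalikes(name)
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for suspect, resembles in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{suspect!r} resembles allowlisted package(s) {resembles}")
```

Run against the constructed file, the audit reports `diango` and `dajngo` as resembling `django`, while the genuine `django`, `requests` and `numpy` entries pass. The distance threshold and allowlist both need curation: the check is a triage signal for a CI gate or pre-commit hook, and short, legitimately similar names on the allowlist will produce false positives that a human should review rather than auto-block.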