Recent posts
Tag: #security · 4 posts
Posted Aug 3
https://pyup.io/safety/ Safety checks your dependencies for known #security vulnerabilities. Don't ship insecure code. #Django
Posted May 11
https://www.cybrary.it/course/python/ Python for #Security Professionals. This course will take you from basic concepts to advanced scripts in just over 10 hours of material, with a focus on #networking and security.
Posted Feb 18
http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/ #security This should have been obvious to me for a longer time, but until earlier today I did not really realize the severity of the issues caused by str.format on untrusted user input. It came up as a way to bypass the Jinja2 Sandbox in a way that would permit retrieving information that you should not have access to, which is why I just pushed out a security release for it. However, I think the general issue is quite severe and needs to be discussed because most people are most likely not aware of how easy it is to exploit.
Posted Dec 6
http://www.aparat.com/v/6qnbm The Hacker Spectrum_Pycon 2016_Parisa Tabriz_“#Security” Parisa Tabriz has worked on information security for over a decade and as a (self-appointed) “Security Princess” of #Google for the last 8+ years. She started as a “hired hacker” software engineer for Google’s security team. As an engineer, she found and closed security holes in many of Google’s products, and taught other engineers how to do the same. https://telegram.me/djangoproject