pip install distater-waiting-to-happen
Open source packages make our life as developers easier, but with every new dependency you may be getting more than you bargained for. With large data breaches becoming regular occurrences it is time we start taking application security seriously and making part of our day to day lives.
With recent increase of data breaches, it is now more important than ever to really start paying attention to application security. As we introduce more and more open source dependencies into our code bases, performance is no longer the only concern. With every new dependency we are potentially bringing in new vulnerabilities that attackers are waiting to exploit. Even smart, well-intentioned and experienced developers can introduce vulnerable packages. How do you know that the open source package you just added in is not going to cause your customers data ending up for sale on the dark market?
Let’s take a look at some of the recent vulnerabilities in the popular Django packages, understand what they are and how they could be exploited.