Posts Tagged: security
- Detecting Malicious PyPI Packages: Typosquatting Attacks on requests, urllib3, and pillow
  Detect typosquatting PyPI packages that mimic requests, urllib3, and pillow by flagging low download counts, suspicious uploaders, and few published versions. A Python supply-chain security script queries the PyPI API and download stats and flags risky packages. Includes actionable audit steps and CI integration to help prevent supply-chain attacks.
- Flask-Login Session Fixation Vulnerability: How to Regenerate Session IDs After Login
  Flask-Login session fixation vulnerability: the session ID is not automatically regenerated after login, so an attacker can hijack a session by fixing it before authentication (OWASP A5). Fix: call session.regenerate() after login_user(). Includes code, an audit procedure, tests, and benchmarks (0 vuln → secure).
- How to Configure Flask Behind Nginx with X-Forwarded-For Headers for GDPR Logging
  Configure Flask behind Nginx to preserve the real client IP with X-Forwarded-For headers for GDPR logging. Covers Nginx proxy_set_header, Werkzeug's ProxyFix middleware for Flask, Gunicorn --forwarded-allow-ips, and Docker and Ubuntu setups.
- How to Verify PGP Signatures for Python Packages Downloaded with pip
  Verify PGP signatures for Python packages downloaded with pip: use GPG to check the PyPI .asc files for the cryptography and requests wheels. Manual supply-chain verification beyond pip's hash checking. Step-by-step gpg --verify guide covering key import and troubleshooting (PyPI package signature verification, 2026).
- Implementing Content Security Policy (CSP) Headers in Flask to Prevent XSS
  Implement CSP headers in Flask using @after_request, nonces, and report-only mode to mitigate XSS risks. Covers directives, common violations, and verification.
- Implementing OAuth2 with Password Flow in FastAPI: Complete JWT Token Example
  Implement the OAuth2 password flow in FastAPI with JWT tokens: secure authentication using PyJWT and passlib, including a login endpoint, protected routes, and curl tests against a fake user database.
- Python 3.12 EOL Timeline: Planning Your Upgrade to Python 3.13 Before Support Ends
  Python 3.12 EOL: active support ended April 2025; security fixes continue until October 2028. Guide to upgrading to 3.13 using mise/asdf/uv: timelines, steps, compatibility, and new features.
- Securing Your Python Supply Chain: Scanning poetry.lock for Compromised Maintainers
  A script to check poetry.lock files for packages maintained by known compromised PyPI accounts. Queries the PyPI API and cross-references a curated list; suitable for CI/CD integration.
- Security & Vulnerabilities (CVEs, pip-audit, safety): Python Dependency Auditing Guide
  Secure your Python projects by detecting CVEs in dependencies with the pip-audit and safety CLIs: installation, usage examples, benchmarks, and CI integration for requirements.txt, Poetry, and uv. Fix vulnerabilities fast with this pip-audit tutorial and safety check best practices (2026).