Is your code tainted? Finding security vulnerabilities using taint-tracking.


Follow to receive video recommendations   a   A

“Taint tracking” is a technique used in code analysis to find security vulnerabilities and other problems.

Any data that comes from an untrusted source, for example a HTTP request, is treated as “tainted”. If that “tainted” data is able to reach a vulnerable part of your code, then you have a problem. Sophisticated code analysis tools can track this data, and reveal potential security problems. Examples of the sort of problem that can be found include cross-site scripting (XSS), code injection, SQL injection and others.

In this talk I will show how taint tracking analysis works in practice, introducing the concepts of source, sink and sanitizer. I will then demonstrate using taint tracking to find a XSS vulnerability in a django app. (We will chose a project that is designed to teach django security, where the vulnerability is deliberate.)

I will also explain how thinking in terms of “taint” can help you write safer code, even without access to code analysis.

During this talk I will use the code analysis tools on to demonstrate the analysis. is free to use for open-source projects. A paid version is available.

Editors Note:

I would like to work with open source projects to create a branch of the tree with all of the best videos for your open source project. Please send me an email if you are interested.