Finding Python ReDoS bugs at scale using Dlint and r2c

Automating regular expression denial-of-service detection

Bento check: Use jsonify() instead of json.dumps() in Flask

A Bento check for finding json.dumps() returned from Flask views where jsonify() should be used, so the response is sent with an application/json Content-Type instead of text/html

Bento check: Keeping your cookies safe in Flask

A Bento check detecting insecure cookie settings in Flask, such as set_cookie() calls that leave the Secure, HttpOnly or SameSite attributes unset

Bento check: Flask template files that aren’t autoescaped by default

A Bento check for detecting possible XSS in Jinja templates that Flask does not autoescape: Flask only turns autoescaping on for templates with .html, .htm, .xml and .xhtml extensions

Flask check: send_file() with a file handle

A Flask check to detect send_file() called with a file handle but without the mimetype (or filename) argument Flask needs to pick a Content-Type, since a file object carries no name to guess it from
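The three Flask checks above are all pattern matches over the syntax tree of a view module. As an added example, not Bento's or Dlint's own code, the following self-contained checker (stdlib `ast` only, rule names and messages are my own) flags the three patterns: `json.dumps()` returned from a view, `set_cookie()` without the Secure/HttpOnly/SameSite keywords, and `send_file()` handed an `open()`/`BytesIO` object with no `mimetype`, `download_name` or `attachment_filename` hint. The sample module it runs over is constructed inline.

```python
from __future__ import annotations

import ast
from dataclasses import dataclass


@dataclass
class Finding:
    line: int
    rule: str
    message: str


# Keyword arguments to Response.set_cookie(); all three default to "off" in Flask.
COOKIE_FLAGS = ("secure", "httponly", "samesite")
# Keyword arguments that let send_file() determine a Content-Type for a file object.
SEND_FILE_TYPE_HINTS = ("mimetype", "download_name", "attachment_filename")
# Callees whose result is a file object rather than a path string.
FILE_OBJECT_CTORS = ("open", "io.BytesIO", "BytesIO", "io.StringIO", "StringIO")


def _dotted(node: ast.AST) -> str:
    """Render an `a.b.c` callee as a dotted string; anything else becomes ''."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


class FlaskChecker(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Return(self, node: ast.Return) -> None:
        # `return json.dumps(...)` makes Flask serve the JSON text as text/html,
        # so user-controlled strings inside it can render as markup in a browser.
        if isinstance(node.value, ast.Call) and _dotted(node.value.func) == "json.dumps":
            self.findings.append(Finding(node.lineno, "flask-jsonify",
                "json.dumps() returned from a view; use flask.jsonify()"))
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        callee = _dotted(node.func)
        kwargs = {kw.arg for kw in node.keywords if kw.arg}
        if callee == "set_cookie" or callee.endswith(".set_cookie"):
            missing = [flag for flag in COOKIE_FLAGS if flag not in kwargs]
            if missing:
                self.findings.append(Finding(node.lineno, "flask-cookie-flags",
                    "set_cookie() without " + ", ".join(missing)))
        elif callee in ("send_file", "flask.send_file") and node.args:
            first = node.args[0]
            # A file handle carries no filename, so Flask cannot guess a MIME type
            # unless the caller passes one of the hints explicitly.
            if (isinstance(first, ast.Call) and _dotted(first.func) in FILE_OBJECT_CTORS
                    and not kwargs & set(SEND_FILE_TYPE_HINTS)):
                self.findings.append(Finding(node.lineno, "flask-send-file",
                    "send_file() given a file object without mimetype/download_name"))
        self.generic_visit(node)


def check_source(source: str) -> list[Finding]:
    """Parse a module and return its findings ordered by line."""
    checker = FlaskChecker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings, key=lambda f: f.line)


# Constructed sample view module: three bad views and one that is fine.
SAMPLE = """\
import io, json
from flask import Flask, make_response, send_file
app = Flask(__name__)

@app.route("/login")
def login():
    resp = make_response("ok")
    resp.set_cookie("session", "abc")
    return resp

@app.route("/data")
def data():
    return json.dumps({"name": "<script>alert(1)</script>"})

@app.route("/report")
def report():
    return send_file(io.BytesIO(b"report"))

@app.route("/safe")
def safe():
    resp = make_response("ok")
    resp.set_cookie("session", "abc", secure=True, httponly=True, samesite="Lax")
    return resp
"""

if __name__ == "__main__":
    for finding in check_source(SAMPLE):
        print(f"line {finding.line}: [{finding.rule}] {finding.message}")
```

The `send_file` rule deliberately fires only when the first argument is a call to a known file-object constructor; a bare variable could just as well hold a path, and a check that flagged every non-literal argument would be the kind of noisy linter rule the Bento curation post argues against.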

Our quest to make world-class security and bugfinding available to all developers, for free

Introducing Bento, a free and opinionated toolkit for easily adopting linters and program analysis in a codebase

Three things your linter shouldn’t tell you

How we’ve curated our code checks in Bento

DEF CON 27 workshop on finding vulnerabilities at scale

Material from our DEF CON workshop on finding vulnerabilities at ecosystem-scale

Surprising subtleties of Docker permissions

Our infrastructure leads to unusual challenges in how Docker interacts with filesystem permissions