Python 3.13 Major Step Forward

Python 3.13: A Major Step Forward for Python Developers
Released on October 7, 2024, Python 3.13 brings several high-impact enhancements—most notably a modernized REPL, experimental performance features, improved developer ergonomics, and valuable standard library upgrades. (Real Python, Python.org)
1. A Smarter, More User-Friendly REPL
Python 3.13’s interactive interpreter (REPL) is a substantial quality-of-life improvement:
Block-level editing and history: Now, up-arrow lets you recall entire code blocks—no more juggling line-by-line history. ...

September 6, 2025 · 2 min · Carl Sampson

Understanding HTTP Request Smuggling Attacks

HTTP Request Smuggling (HRS) is a powerful web application vulnerability that exploits discrepancies in how different servers or intermediaries parse and handle HTTP requests. This misalignment can allow an attacker to “smuggle” a malicious request through a front-end server (such as a load balancer, proxy, or CDN) so that it is interpreted differently by the back-end server.
How HTTP Request Smuggling Works
Modern web applications often rely on chains of intermediaries — proxies, reverse proxies, CDNs, and application servers. These components must all agree on where one HTTP request ends and the next begins. If they disagree, attackers can craft specially malformed requests that cause desynchronization. ...

September 6, 2025 · 2 min · Carl Sampson

Exploring SSRF Attack Vectors: Understanding the Threat

Server-Side Request Forgery (SSRF) is a type of security vulnerability that allows an attacker to send crafted requests from a vulnerable server to internal or external resources. This can lead to unauthorized access to sensitive data, manipulation of server behavior, or even exploitation of other services within the network. SSRF exploits the trust that a server has in its own requests, allowing attackers to leverage this trust to perform actions that would typically be restricted. ...

May 12, 2025 · 7 min · chs

SSRF Defense

Defending Your Web Applications Against Server-Side Request Forgery (SSRF) Attacks
In today’s interconnected digital landscape, web applications face a myriad of security threats. One often overlooked but potentially devastating vulnerability is Server-Side Request Forgery (SSRF). Did you know that, according to a recent report, SSRF attacks have increased by a staggering 270% in the past year alone? In this blog post, we’ll dive into what SSRF is, how it can impact your web applications, and most importantly, the steps you can take to defend against these insidious attacks. ...

April 28, 2025 · 3 min · chs

Exploring Python’s New Subinterpreters

The Python community never ceases to innovate. One of the most recent additions to Python’s vast feature set is “subinterpreters”. As the name suggests, subinterpreters provide a way to run multiple isolated Python interpreters within a single process. Let’s dive deeper into this novel concept and discuss its advantages and potential use cases.
What are Subinterpreters?
At a high level, each subinterpreter in Python has its own distinct memory space and execution state. This means that objects and modules created within one subinterpreter aren’t directly accessible from another. Imagine them as isolated rooms in the large house of the Python process, each running its own Python code, but unable to peek into the other rooms. ...

November 29, 2023 · 2 min · chs

What is GitHub Copilot?

GitHub Copilot is an AI-powered coding assistant developed by GitHub in collaboration with OpenAI. It uses machine learning algorithms to assist developers in writing code by suggesting code snippets based on the context of the code being written. This powerful tool has the ability to autocomplete code, provide inline documentation, and generate entire functions, making coding easier and more efficient. GitHub Copilot is built on top of OpenAI’s GPT-3 language model, which has been trained on a vast amount of data from a variety of sources, including code repositories, documentation, and programming languages. With this vast amount of data, GitHub Copilot can understand the context of the code being written and provide relevant suggestions in real time. ...

May 2, 2023 · 1 min · chs

Getting Started with Requests

Python is a powerful language with a rich set of libraries, making it an excellent choice for web scraping, automation, and data analysis. One such library is the Requests library, which makes it easy to make HTTP requests and handle HTTP responses in Python. In this blog post, we will explore how to get started with using the Requests library in Python.
Installation
The first step to using the Requests library is to install it. The easiest way to do this is using pip, Python’s package manager. Open a terminal or command prompt and run the following command: ...

April 7, 2023 · 3 min · chs

What is the Common Weakness Enumeration (CWE)?

Common Weakness Enumeration (CWE) is a system that identifies and categorizes common software and hardware vulnerabilities. It provides a standardized way of describing and categorizing these weaknesses, making it easier for developers, security analysts, and other professionals to understand, discuss, and address them. CWE was developed by the MITRE Corporation, a nonprofit organization that operates research and development centers sponsored by the U.S. government. It includes a comprehensive list of known security weaknesses, organized into categories based on the type of vulnerability. ...

April 4, 2023 · 2 min · chs

List Slicing in Python

Python is an incredibly powerful and versatile language, loved by millions of developers worldwide. One of its most useful features is its ability to manipulate and extract data from lists with ease and elegance. In this blog post, we’ll dive deep into the concept of list slicing in Python, exploring its syntax and various use cases to help you level up your coding skills.
Understanding List Slicing
List slicing is a technique used to extract a portion or “slice” of a list in Python. It allows you to access specific elements, ranges, or even to skip through items in a list with ease. The syntax for list slicing is quite simple: ...

April 3, 2023 · 2 min · chs

Mastering the ‘in’ Operator in Python: Simple, Efficient, and Powerful

The ‘in’ operator is a built-in Python keyword that is both simple and powerful. This keyword allows you to check whether a given element is present in an iterable data structure, such as a list, tuple, set, or dictionary. In this blog post, we’ll explore the different use cases of the ‘in’ operator and how to implement it effectively in your Python code.
Using ‘in’ with Lists and Tuples
Lists and tuples are ordered collections of elements; lists are mutable and tuples are immutable. The ‘in’ operator can be used to check if a specific value exists in a list or tuple. Here’s an example: ...

April 2, 2023 · 3 min · chs