➡️ What about security in Python RPA? Check out good practices to make your robots more secure 🤖👇

📌 In RPA, bots often have direct communication with critical systems that, without proper measures, can leave sensitive data vulnerable and facilitate unauthorized access;
💡 The most prominent tech companies use Python massively in their stacks. With Python, your RPA operation can guarantee the highest level of security end to end (with encryption, vulnerability testing, and more);
💡 See BotCity's recommendations for further protecting your bots and mitigating key risks (according to OWASP):
✅ Protect the environment in which the bot is developed and run, including the operating system, database, dependencies, and network, by applying the latest security updates;
✅ Separate development, test/homologation, and production environments;
✅ Make communication secure with VPNs, encryption, SSL/HTTPS certificates, allow-lists, and specific ports on the firewall;
✅ Ensure that actions are assigned with secure and unique identification credentials for each robot;
✅ Separate credentials from the code and store them in an encrypted vault, and change them periodically;
✅ Grant strictly necessary permissions to the bot and collaborators, with multi-factor authentication where applicable;
✅ When deactivating a bot, don’t forget to revoke the credentials;
✅ Monitor the activities of bots and create alerts for unexpected behavior;
✅ Manage sessions with screenshots or videos;
✅ Protect the integrity of logs by storing them separately and ensuring that they are complete and auditable;
✅ Do not use the system's default Python interpreter, which is likely outdated; install and use the latest version;
✅ Use virtual environments;
✅ Avoid making relative imports;
✅ Beware of unknown, unofficial, or out-of-date libraries (check the Snyk Advisor). Be careful not to misspell the library name and use a malicious one by mistake;
✅ Avoid loading unnecessary data/libraries;
✅ Keep the code clean;
✅ Always validate/treat data entries to protect against injections, use encryption for sensitive data, and handle errors and exceptions;
✅ Avoid unbounded resource usage and free up memory held by objects you no longer need;
✅ Set DEBUG = False in production;
✅ Deserialize with caution when using Pickle; evaluate PyYAML as an alternative;
✅ Establish an adaptive governance framework;
✅ Perform unit tests, integration tests, canary releases, and periodically evaluate the implementation as a whole;
✅ Do code reviews, use version control, and keep backups;
✅ Scan your code for vulnerabilities (get to know Bandit, Snyk Code, SonarQube…);
✅ Reflect on scenarios where things can go wrong and have a plan for incidents;
✅ Have a proactive dialog with the security team from the beginning of the project;
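The "deserialize with caution" item above is where RPA bots most often get it wrong, because bots routinely persist state between runs. The following added example (not BotCity's code or part of the original post) shows the standard-library way to restrict pickle: override `find_class` so only an allow-list of plain-data builtins can be resolved, and any stream that names another callable is rejected before it runs. The state dict and the `UnsafeState` class are constructed samples; the same allow-list mindset is why `yaml.safe_load` exists for PyYAML.

```python
import builtins
import io
import pickle
import platform

# Builtins a bot's saved state legitimately needs (assumption: state is plain data).
SAFE_BUILTINS = {"dict", "list", "set", "frozenset", "tuple",
                 "str", "bytes", "int", "float", "bool"}

# Constructed sample of what a bot might checkpoint between runs.
SAMPLE_STATE = {"last_row": 42, "processed_ids": [1, 2, 3]}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allow-listed builtins; refuse every other global.

    pickle.loads() imports and calls whatever callable the stream names, so a
    tampered state file becomes code execution. find_class() is the hook the
    standard library documents for restricting which names can be resolved.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() for bot state files."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class UnsafeState:
    """Constructed sample: any object can make unpickling call an arbitrary
    callable via __reduce__. platform.system is a harmless stand-in here."""

    def __reduce__(self):
        return (platform.system, ())


def safe_pickle() -> bytes:
    return pickle.dumps(SAMPLE_STATE)


def tainted_pickle() -> bytes:
    return pickle.dumps(UnsafeState())


def is_rejected(data: bytes) -> bool:
    """True when the restricted loader refuses the stream."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False
```

Plain `pickle.loads(tainted_pickle())` would silently call `platform.system()` during loading; `restricted_loads` raises instead, while ordinary state round-trips unchanged.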