➡️ What about security in Python RPA? Check out good practices to make your robots more secure 🤖

In RPA, bots often talk directly to critical systems; without proper controls, that exposes sensitive data and opens the door to unauthorized access;
💡 The most prominent tech companies use Python massively in their stacks. With Python you can build end-to-end security controls into your RPA operation (encryption, vulnerability testing, and more);
💡 See BotCity’s recommendations for further protecting your bots and mitigating the key risks (following OWASP guidance):
✅ Protect the environment in which the bot is developed and run, including the operating system, database, dependencies, and network, with the latest security updates;
✅ Separate development, test/staging, and production environments;
✅ Make communication secure with VPNs, encryption, TLS (HTTPS) with valid certificates, allow-lists, and only the specific ports you need open on the firewall;
✅ Ensure that every action is performed under a unique, secure identity (credentials) for each robot;
✅ Separate credentials from the code, store them in an encrypted vault, and rotate them periodically;
✅ Grant only the strictly necessary permissions to the bot and to collaborators, with multi-factor authentication where applicable;
✅ When deactivating a bot, don’t forget to revoke its credentials;
✅ Monitor the activities of bots and create alerts for unexpected behavior;
✅ Record sessions (screenshots or video) so that what a bot did can be reviewed;
✅ Protect the integrity of logs by storing them separately from the bot and ensuring that they are complete and auditable;
✅ Do not rely on the Python interpreter bundled with the operating system; it is often outdated. Install a current, supported version and keep it patched;
✅ Use virtual environments;
✅ Avoid making relative imports;
✅ Beware of unknown, unofficial, or out-of-date libraries (check the Snyk Advisor). Be careful not to misspell a library name and install a typosquatted, malicious package by mistake;
✅ Avoid loading unnecessary data/libraries;
✅ Keep the code clean;
✅ Always validate and sanitize inputs to protect against injection, encrypt sensitive data, and handle errors and exceptions;
✅ Avoid unbounded resources (loops, queues, retries without limits) and release objects you are no longer going to use;
✅ Set DEBUG = False in production;
✅ Deserialize with caution: pickle runs arbitrary code when loading untrusted data, so prefer JSON for bot configuration. If you use PyYAML, call yaml.safe_load; yaml.load with an unsafe loader has the same problem as pickle;
✅ Establish an adaptive governance framework;
✅ Perform unit tests, integration tests, and canary releases, and periodically evaluate the implementation as a whole;
✅ Do code review, use version control, and keep backups;
✅ Scan your code for vulnerabilities (get to know Bandit, Snyk Code, SonarQube…);
✅ Think through scenarios where things can go wrong and have an incident response plan;
✅ Have a proactive dialog with the security team from the beginning of the project;
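Three of the items above (validate inputs, protect against injection, deserialize with caution) in working Python. This is an added example, not BotCity’s code: it builds a pickle that executes on load, shows that a restricted Unpickler refuses it, parses the same kind of bot configuration from JSON with type checks, and then looks the bot up in SQLite with a parameterised query next to the vulnerable string-formatted version. The configuration fields, the `bots` table and the sample rows are constructed for the demo.

```python
"""Added example (not BotCity's code): unsafe vs. restricted pickle,
validated JSON config, and parameterised SQL. All names are illustrative."""
import io
import json
import pickle
import re
import sqlite3

EXECUTED = []  # demo marker: records whether untrusted pickle data ran code


def _attacker_callable(note):
    # Stand-in for os.system & co.: a real payload would run a shell command.
    EXECUTED.append(note)
    return {"status": "pwned"}


class Payload:
    # __reduce__ tells pickle: "to rebuild me, call this function with these args".
    def __reduce__(self):
        return (_attacker_callable, ("code ran inside pickle.loads",))


def build_malicious_pickle() -> bytes:
    """Constructed attacker input: a pickle that executes when loaded."""
    return pickle.dumps(Payload())


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global lookup except a short allow-list of builtins."""
    ALLOWED = {("builtins", n) for n in
               ("dict", "list", "tuple", "set", "str", "int", "float", "bool")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_pickle_comparison() -> dict:
    """Plain pickle.loads runs the payload; the restricted loader stops it
    at the global lookup, before any callable is invoked."""
    evil = build_malicious_pickle()
    EXECUTED.clear()
    pickle.loads(evil)  # the unsafe call: _attacker_callable runs here
    unsafe_ran_code = bool(EXECUTED)
    EXECUTED.clear()
    try:
        restricted_loads(evil)
        restricted_blocked = False
    except pickle.UnpicklingError:
        restricted_blocked = True
    return {"unsafe_ran_code": unsafe_ran_code,
            "restricted_blocked": restricted_blocked,
            "restricted_ran_code": bool(EXECUTED)}


BOT_ID_RE = re.compile(r"^[a-z0-9-]{3,32}$")  # assumed naming rule for bot ids


def parse_job_config(raw: bytes) -> dict:
    """JSON instead of pickle (it can only yield plain data, never code),
    then validate shape and types before the values are used anywhere."""
    cfg = json.loads(raw)
    if not isinstance(cfg, dict):
        raise ValueError("config must be a JSON object")
    bot_id = cfg.get("bot_id")
    if not isinstance(bot_id, str) or not BOT_ID_RE.match(bot_id):
        raise ValueError("bot_id must match [a-z0-9-]{3,32}")
    retries = cfg.get("retries", 0)
    if isinstance(retries, bool) or not isinstance(retries, int) or not 0 <= retries <= 10:
        raise ValueError("retries must be an int in 0..10")
    return {"bot_id": bot_id, "retries": retries}


def _demo_db():
    # Constructed in-memory table standing in for the orchestrator's inventory.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bots (bot_id TEXT PRIMARY KEY, owner TEXT)")
    conn.executemany("INSERT INTO bots VALUES (?, ?)",
                     [("invoice-bot-01", "finance"), ("hr-bot-02", "people")])
    return conn


def owners_unsafe(conn, bot_id: str) -> list:
    # Vulnerable form: untrusted text is formatted straight into the SQL.
    rows = conn.execute(f"SELECT owner FROM bots WHERE bot_id = '{bot_id}'").fetchall()
    return [r[0] for r in rows]


def owners_safe(conn, bot_id: str) -> list:
    # Hardened form: the driver binds the value, so it can never become SQL.
    rows = conn.execute("SELECT owner FROM bots WHERE bot_id = ?", (bot_id,)).fetchall()
    return [r[0] for r in rows]


def injection_comparison() -> dict:
    conn = _demo_db()
    hostile = "x' OR '1'='1"  # constructed injection string
    return {"unsafe_rows": len(owners_unsafe(conn, hostile)),   # every row leaks
            "safe_rows": len(owners_safe(conn, hostile))}       # no such bot_id
```

Note that `parse_job_config` would already reject the hostile `bot_id` before it ever reached SQL; the parameterised query is the second layer, for the day a value arrives through a path that skipped validation. The same split applies to YAML: `yaml.safe_load` plays the role JSON plays here, while `yaml.load` with an unsafe loader behaves like `pickle.loads`.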