This is a discussion topic for the original post at Python RPA Security - Check out best practices - BotCity | Python RPA | Blog
What about security in Python RPA? Check out good practices to make your robots more secure
In RPA, bots often communicate directly with critical systems; without proper measures this can leave sensitive data exposed and facilitate unauthorized access.
💡 The most prominent tech companies use Python massively in their stacks. With Python, your RPA operation can be secured end to end (with encryption, vulnerability testing, and more).
💡 See BotCity's recommendations for further protecting your bots and mitigating key risks (according to OWASP):
- Protect the environment in which the bot is developed and run, including the operating system, database, dependencies, and network, by applying the latest security updates;
- Separate development, test/homologation, and production environments;
- Secure communication with VPNs, encryption, SSL/HTTPS certificates, allow-lists, and specific ports opened on the firewall;
- Ensure that actions are tied to secure, unique identification credentials for each robot;
- Separate credentials from the code, store them in an encrypted vault, and rotate them periodically;
- Grant only the strictly necessary permissions to the bot and to collaborators, with multi-factor authentication where applicable;
- When deactivating a bot, don't forget to revoke its credentials;
- Monitor bot activity and create alerts for unexpected behavior;
- Manage sessions with screenshots or video recordings;
- Protect the integrity of logs by storing them separately and ensuring they are complete and auditable;
- Do not use the system's default Python interpreter; it is likely outdated. Install and use the latest version;
- Use virtual environments;
- Avoid relative imports;
- Beware of unknown, unofficial, or out-of-date libraries (check the Snyk Advisor), and be careful not to misspell a library name and install a malicious look-alike by mistake;
- Avoid loading unnecessary data or libraries;
- Keep the code clean;
- Always validate and sanitize input data to protect against injection, encrypt sensitive data, and handle errors and exceptions;
- Avoid unbounded resource use, and free the memory held by objects you no longer need;
- Set DEBUG = False in production;
- Deserialize with caution when using Pickle; evaluate using PyYAML instead;
- Establish an adaptive governance framework;
- Perform unit tests, integration tests, and canary releases, and periodically evaluate the implementation as a whole;
- Do code review, version control, and backups;
- Scan your code for vulnerabilities (get to know Bandit, Snyk Code, SonarQube...);
- Think through scenarios where things can go wrong and have an incident response plan;
- Keep a proactive dialog with the security team from the beginning of the project;
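The "deserialize with caution" item above is worth a concrete illustration. The following is an added example, not code from the BotCity post: it applies the allow-list pattern from the Python pickle documentation, an Unpickler whose `find_class` only resolves the globals a bot is expected to load, so a stream that references any other module or class is refused before it is looked up. The allow-listed types, the bot record and the untrusted stream are constructed assumptions for the demo.

```python
import collections
import datetime
import io
import pickle

# Globals a pickle stream may reference. Anything not listed is refused before
# it is looked up. These entries are assumptions for the demo; a real bot lists
# exactly the types it serialises.
ALLOWED_GLOBALS = {
    ("datetime", "date"),
    ("datetime", "datetime"),
    ("datetime", "timedelta"),
}

class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals on the allow-list."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing global {module}.{name}: not on allow-list"
        )

def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads that enforces the allow-list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

def try_load(data: bytes) -> tuple[bool, object]:
    """Return (True, obj) on success or (False, reason) when refused."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)

def sample_job_pickle() -> bytes:
    """Constructed sample: a job record the bot legitimately persists."""
    return pickle.dumps({"bot_id": "invoice-bot-01",
                         "run_at": datetime.date(2024, 1, 31)})

def sample_untrusted_pickle() -> bytes:
    """Constructed sample: a stream referencing a type not on the list."""
    return pickle.dumps(collections.OrderedDict(total=3))

if __name__ == "__main__":
    print(try_load(sample_job_pickle()))        # (True, {...})
    print(try_load(sample_untrusted_pickle()))  # (False, 'refusing global ...')
```

The PyYAML counterpart is `yaml.safe_load`; a plain `yaml.load` with an unrestricted Loader can construct arbitrary Python objects from the document and carries the same class of risk.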