Writing secure code in Python
2022-07-15 , Liffey B

The talk will analyze a series of vulnerabilities that given some common mistakes might end up damaging your Python programs (with lots of exemples!). At the end, a precaution and audit method will be presented.


Is your Python code secure? This talk will show how some inattentions, mistakes and assumptions that we, as developers, carry in our code can lead to serious vulnerabilities in our applications. All of that, of course, with lots of examples! At the end, the talk will present a simple way to audit Python code in order to facilitate the maintenance of your security with the identification of possible vulnerabilities.

  • Learn how eval(), pickle, and pip are vulnerable to arbitrary code execution
  • Understand the importance of cryptographically-secure randomness
  • Learn how to audit your code and keep your programs secure
  • ... and more!

Expected audience expertise: Python:

some

Abstract as a tweet:

The talk will analyze a series of vulnerabilities that given some common mistakes might end up damaging your Python programs. At the end, a precaution and audit method will be presented.

Expected audience expertise: Domain:

none

Yan is a Brazilian Python developer, speaker, privacy freak and security enthusiast. He's worked as a teacher and takes education as a true passion in his life. Whenever he finds time, Yan ends up writing blog posts and essays and talking in conferences everywhere, following what he believes is most important in the world - sharing knowledge.