Duration 43:18
Unique ways to Hack into a Python Web Service

Tilak T
Senior Solutions Engineer at we45
DjangoCon US 2018
October 14 2018, San Diego, USA

About talk

Topic: IT

Python covers a significant portion of the present-day web services landscape because of frameworks like Django, Flask, CherryPy, etc. Many highly scalable services are built on one or more of these frameworks.

However, there is a perception among developers that these frameworks protect against all classes of web attacks and the OWASP Top 10 vulnerabilities. This is because of the inherent middleware that has battle-tested controls against some common vulnerabilities like CSRF, SQL injection, and XSS. However, I have observed that many Python devs do not watch out for lesser-known vulnerabilities that seem to be rife in many Python web apps. For instance, in the more recent security tests against Python web services that our team executes, I find that vulnerabilities like Insecure Deserialization, XML External Entities, Server-Side Template Injection and Authorization Flaws are quite prevalent.

As a developer (largely of Python web apps), I find that there are some simple steps that engineering teams can take towards finding and fixing such vulnerabilities in Python web services built on Django and Flask. My talk is meant to be a holistic perspective on finding and fixing some uncommon flaws in Python web apps. The talk will be replete with multiple demos, anecdotes, and examples of secure and insecure code in Python. I will also delve into SAST and DAST techniques (AST and ZAP custom scripts) to identify such flaws in Python web applications.

The example repository will be available on GitHub for the community to use.
