Duration 43:18
16+
Play
Talk video

Unique ways to Hack into a Python Web Service

Tilak T
Senior Solutions Engineer at we45
  • Video
  • Video
DjangoCon US 2018
October 14 2018, San Diego, USA
DjangoCon US 2018
Video
Unique ways to Hack into a Python Web Service
Purchased
In cart
0 ₽
0 ₽
$0
$0
€ 0
€ 0
To favorites
726
I like 0
I dislike 0
Purchased
In cart
0 ₽
0 ₽
$0
$0
€ 0
€ 0
  • Description
  • Discussion

About speaker

  • Tilak T
    Senior Solutions Engineer at we45

About talk

Python covers a significant portion of the present day Web services landscape because of frameworks like Django, Flask, CherryPy etc. Many Highly Scalable services are built on one or more of these frameworks.

However, there is a perception among developers that these frameworks protected all classes of Web attacks and the OWASP Top 10 vulnerabilities. This is because of the inherent middleware that has battle-tested controls against some common vulnerabilities like CSRF, SQL Injection, and XSS. However, I have observed that many Python devs do not watch out for lesser-known vulnerabilities that seem to be rife in many Python Web Apps. For instance, in more recent security tests against Python Web Services that our team executes, I find that vulnerabilities like Insecure Deserialization, XML External Entities, Server-Side Template Injection and Authorization Flaws are quite prevalent.

As a developer (largely of Python Web Apps), I find that there are some simple steps that engineering teams can take towards finding and fixing such vulnerabilities with Python Web Services built on Django and Flask. My talk is meant to be a holistic perspective on finding and fixing some uncommon flaws in Python Web Apps. The talk will be replete with multiple demos, anecdotes, and examples of secure and insecure code in Python. I will also delve into SAST and DAST techniques (AST and ZAP Custom Scripts) to identify such flaws in python web applications.

The example repository will be available on GitHub for the community to use.

Share

Cackle comments for the website

Buy this talk

Access to the talk «Unique ways to Hack into a Python Web Service»
Purchased
In cart
0 ₽
0 ₽
$0
$0
€ 0
€ 0

Video

Access to all videos «DjangoCon US 2018»
Purchased
In cart
0 ₽
0 ₽
$0
$0
€ 0
€ 0
Ticket

Buy this video

Video

Access to the talk 'Unique ways to Hack into a Python Web Service'
Purchased
In cart
0 ₽
0 ₽
$0
$0
€ 0
€ 0

Conference Cast

ConferenceCast.tv — conference video talk archive.

With this service you can find interesting talks especially for you!

Conference Cast
573 conferences
12290 speakers
6108 hours of content