A bite of Python - What python has to do with security?
Being easy to pick up and progress quickly towards developing larger and more complicated applications, Python is becoming increasingly ubiquitous in computing environments. Though apparent language clarity and friendliness could lull the vigilance of software engineers and system administrators – luring them into coding mistakes that may have serious security implications. In this talk, which primarily targets people who are new to Python, a handful of security-related quirks are looked at; experienced developers may well be aware of the peculiarities that follow.
I talk about various security pitfalls when using python. Which ranges from python deserialization issues to use of invalid modules.
The following will be covered:
Python input function
Code execution on import
Deserialization in python
Huzaifa Sidhpurwala is a Principal Security Engineer at Red Hat. Part of various upstream security teams which include Mozilla, WebKit, PHP and not to forget Python :) Have been a open source developer and freelance security researcher for the last 7 years. A regular contributor to the fedora project and a speaker at a lot of open source conferences.