PyCon Pune 2017

A conference on the Python programming language

Huzaifa Sidhpurwala

A bite of Python - What python has to do with security?

Submitted Nov 10, 2016

Because it is easy to pick up and lets developers progress quickly towards larger and more complicated applications, Python is becoming increasingly ubiquitous in computing environments. However, the language's apparent clarity and friendliness can lull the vigilance of software engineers and system administrators, luring them into coding mistakes that may have serious security implications. This talk, which primarily targets people who are new to Python, looks at a handful of security-related quirks; experienced developers may well be aware of the peculiarities that follow.

Outline

I talk about various security pitfalls when using Python, ranging from Python deserialization issues to the use of invalid modules.

The following will be covered:

Python input function
Assert statements
Reusable integers
Floats
Private attributes
Module injection
Code execution on import
Monkey patching
Shell injection
Temp. files
Deserialization in Python
Misc

Speaker bio

Huzaifa Sidhpurwala is a Principal Security Engineer at Red Hat. He is part of various upstream security teams, which include Mozilla, WebKit, PHP and, not to forget, Python :) He has been an open source developer and freelance security researcher for the last 7 years. He is a regular contributor to the Fedora project and a speaker at a lot of open source conferences.
