Feb 2017
13 Mon
14 Tue
15 Wed
16 Thu 09:00 AM – 06:00 PM IST
17 Fri 09:00 AM – 06:00 PM IST
18 Sat
19 Sun
PyCon, the gathering for the community using and developing the open-source Python programming language. This is the first year of the PyCon Pune where the community will meet for two days of talks and working on upstream projects in two days of dev sprint. CFP ends on 30th November AoE.
HS
Huzaifa Sidhpurwala
A bite of Python - What python has to do with security?
Submitted Nov 10, 2016
Technical level:
Intermediate
Being easy to pick up and progress quickly towards developing larger and more complicated applications, Python is becoming increasingly ubiquitous in computing environments. Though apparent language clarity and friendliness could lull the vigilance of software engineers and system administrators -- luring them into coding mistakes that may have serious security implications. In this talk, which primarily targets people who are new to Python, a handful of security-related quirks are looked at; experienced developers may well be aware of the peculiarities that follow.
Outline
I talk about various security pitfalls when using python. Which ranges from python deserialization issues to use of invalid modules.
The following will be covered:
Python input function
Assert statements
Reusable integers
Floats
Private attributes
Module injection
Code execution on import
Monkey patching
Shell injection
Temp. files
Deserialization in python
Misc
Speaker bio
Huzaifa Sidhpurwala is a Principal Security Engineer at Red Hat. Part of various upstream security teams which include Mozilla, WebKit, PHP and not to forget Python :) Have been a open source developer and freelance security researcher for the last 7 years. A regular contributor to the fedora project and a speaker at a lot of open source conferences.
{{ gettext('Login to leave a comment') }}
{{ gettext('Post a comment…') }}{{ errorMsg }}
{{ gettext('No comments posted yet') }}