2024-04-22, Kuppelsaal
Have you ever thought about IT Security when coding your Python application? If not, you are not alone – but also not safe.
Just recently, a research study counted almost 4000 secrets published on PyPI. Most of these secrets, such as AWS keys, Google API keys or database credentials, were most likely leaked accidentally. Leaked credentials top the list of entry points for attackers into protected areas. In this talk you’ll gain insights into how malicious attacks on Python applications are performed – and, most importantly, how to protect yourself against them.
We’ll kick off with a basic review of how passwords are cracked, not only by brute force, and continue with the most important IT security principles. After understanding the importance of adhering to common security precautions, we will dive into Python coding hygiene. Where do the most common vulnerabilities lie? How can we strengthen the security of our code?
We’ll cover secure coding practices such as code analysis, input validation and dependency vulnerabilities in theory and practice. Lastly, we will look at some case studies of common attacks on Python code and how to protect yourself against them.
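The leaked-secrets problem named in the abstract is easiest to see with a pre-publish check, which is also a small instance of the code analysis the talk mentions. The following is an added example, not material from the talk or its speakers: a scanner that flags the credential formats listed above (the AWS access key id and Google API key prefixes as publicly documented, a password embedded in a database connection URL) and any secret-looking assignment whose value has high Shannon entropy. The sample source it scans is constructed here; the regular expressions and the entropy threshold are assumptions for illustration, not a complete secret-detection tool.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Credential formats named in the abstract. The AWS access key id prefix (AKIA/ASIA)
# and the Google API key prefix (AIza) follow the publicly documented formats; the
# URL pattern catches a password written into a database connection string.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "database_url_with_password": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^\s:/]+:[^\s@/]+@"
    ),
}

# Assignments such as API_TOKEN = "..." whose value is at least 16 characters long.
# Whether such a value is reported depends on its entropy (see scan_text).
ASSIGNMENT = re.compile(
    r"(?i)\b(\w*(?:secret|token|password|passwd|api_key)\w*)\s*[=:]\s*['\"]([^'\"]{16,})['\"]"
)


def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens score high, placeholders score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    hint: str  # a short, redacted hint, never the full secret


def redact(value: str) -> str:
    # Report only a prefix so the scanner's own output does not leak the secret.
    return value[:4] + "..."


def scan_text(text: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return one Finding per suspicious line, in file order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        hit = False
        for kind, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append(Finding(line_no, kind, redact(m.group(0))))
                hit = True
        if hit:
            continue  # already reported by a specific pattern
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(2)) >= entropy_threshold:
            findings.append(Finding(line_no, "high_entropy_assignment", m.group(1)))
    return findings


# Constructed sample of a settings module about to be packaged. None of these
# values is a real credential; they only have the shape of one.
SAMPLE_SOURCE = """import os
AWS_ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE00"
GOOGLE_KEY = "AIzaExampleExampleExampleExampleExa0000"
DATABASE_URL = "postgresql://app_user:Sup3rS3cretPassw0rd@db.internal:5432/app"
API_TOKEN = "q8Zr2xLm9vTk4wPd7sHn1bGy"
DEFAULT_PASSWORD = "changeme-changeme-changeme"
runtime_token = os.environ["API_TOKEN"]
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.kind} ({f.hint})")
```

Run it over the files that would go into a distribution before uploading. The entropy gate is what keeps an obvious placeholder such as `changeme-changeme-changeme` out of the report while a random-looking token on a `*_TOKEN` line is still flagged; reading the value from the environment, as the last sample line does, produces no finding at all.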
If you have never thought about security aspects in Python, this talk is for you!
This talk will highlight the theoretical concepts of security. We’ll start with a general overview and dive into specifics for Python applications. We will address five main questions:
- How can we retrieve a password with a Python function?
- What are the most essential IT Security practices?
- Where can we find information on current security vulnerabilities?
- What should we keep in mind to write secure Python code?
- What are some historical attacks on Python code? What can we learn from them?
Listeners will walk away with a general overview of how to approach security issues when building their Python applications, and with ideas for making their future code more secure.
Novice
Expected audience expertise: Python: Intermediate
Abstract as a tweet (X) or toot (Mastodon): You shall not pass! Make your Python code strong against attacks.
Antonia Scherz is senior specialist for machine learning applications at PD - Berater der öffentlichen Hand in Berlin. At PD she builds proof-of-concept tools and assists in software development for machine learning applications in public administration. She is passionate about making machine learning and open software tools widely and securely used by public administration, and is fascinated by how new tools can be integrated into old structures for the public good.
Roman Krafft has been employed at PD - Berater der öffentlichen Hand GmbH since June 2021 and has worked there as a senior specialist since October 2023. He oversees projects in the strategic administrative modernization division with a focus on software development and machine learning.
Roman Krafft earned a Bachelor of Science in computer science at the Technical University of Kaiserslautern (2014 to 2018) and a Master of Science in computer science at the same university (2018 to 2021).