PyConDE & PyData Berlin 2024

Better safe than sorry: Threat Modeling for Python Developers
04-22, 14:35–15:05 (Europe/Berlin), Kuppelsaal

Every developer wants to write good code. Good code also means being secure against attackers and their threats. But how secure is your code really?
The talk explains how you can use Threat Modeling to assess your application in a systematic approach against the threats that are relevant to your use cases and their attack surface.


In the ever-evolving landscape of cybersecurity, Python applications play a pivotal role in handling critical data and supporting essential business functions, making them prime targets for malicious actors. As the stakes continue to rise, developers want to prioritize the implementation of security measures to safeguard against potential threats. However, the definition of "secure" remains elusive and often subjective. This causes insecurity not only in the application itself, but especially among the people who develop it.
This talk explains how to move from "best effort security" to a comprehensive and systematic approach to application security. It introduces the tried and tested method "Threat Modeling" and explains its value in a Python development project.
Python developers will gain practical insights to identify, assess, and prioritize security risks systematically. Real-world examples illustrate the impact of effective threat modeling, empowering developers to proactively secure their applications against the threats that are really relevant for them.


Expected audience expertise: Domain

Intermediate

Abstract as a tweet (X) or toot (Mastodon)

Is your code secure enough? Find out by doing Threat Modeling!

Expected audience expertise: Python

Novice

See also: Slides (8.9 MB)

For more than ten years, Clemens has been working at the interface between software and security. After roles as a software developer and in penetration testing, he joined inovex in 2018 as a software security engineer. Today, he supports development projects at the conception and implementation level, advises on DevSecOps and loves giving trainings and talks.