2025-04-24 –, Helium3
Two truths and a lie:
You have been hacked and you don’t know yet
You haven’t been hacked because it’s not yet convenient (for the attackers)
You think your application is secure
Security is hard: it is hard to measure and it is always a catch-up game.
Join this talk if you are interested in understanding a bit more about modern security and how it goes way beyond the code of your app.
Developers usually don’t care much about security, probably for several reasons:
Focus on security itself doesn’t pay the bills
It is not always clear what being secure means
Security != my code is properly tested
Often comes as an annoying byproduct of ISO27001/SOC2
But attacks and data breaches are becoming far more common, and DORA, NIS2 and the legal obligation to publicly disclose data breaches are trying to bring companies’ attention (and budget) back to this topic.
Leaving the legalese aside, this talk will cover these topics:
Some real examples
Your code
CI/CD
Your app
Your production environment
Framework to assess your security posture
Where to Start
Advanced
Expected audience expertise: Python:Intermediate
Christian Barra is a Software Engineer, Tech Lead and international speaker living in Lisbon.
He’s the co-founder of ZeroBang, a cloud consulting company.
He is an active member of the tech community in Berlin, conference organiser and a Python Software Foundation Fellow.
You can follow him on X @christianbarra