Python is a language that makes it easy to scale up from starter projects to complex applications for data processing and serving dynamic web pages. But as the complexity of your applications grows, it becomes easy to introduce potential problems and vulnerabilities.
In this talk José Manuel Ortega will cover the common security problems in Python code, such as remote command execution and SQL injection. Of course, he'll also show how to prevent these and other types of vulnerabilities.
https://pyconweb.com/talks/26-05-2019/testing-python-security
3. Testing python security
PyconWeb 2019 3 @jmortegac
● Develop Python scripts for automating security and pentesting tasks
● Discover the Python standard library's main modules used for performing security-related tasks
● Automate analytical tasks and the extraction of information from servers
● Explore processes for detecting and exploiting vulnerabilities in servers
● Use network software for Python programming
● Perform server scripting and port scanning with Python
● Identify vulnerabilities in web applications with Python
● Use Python to extract metadata and forensics
Security issues
Here's a list of a handful of other potential issues to watch for:
● Dangerous python functions like eval()
● Serialization and deserialization objects with
pickle
● SQL and JavaScript snippets
Serialization and Deserialization with Pickle
WARNING: pickle and cPickle are NOT designed as a safe/secure solution for serialization. Unpickling data from an untrusted source can import modules and call arbitrary callables referenced in the stream.
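One mitigation when pickle cannot be avoided is to restrict which globals a stream may reference. The example below is added here and is not from the talk or its author: it follows the `find_class` allow-list pattern from the Python `pickle` documentation, with an allow-list of plain builtins chosen for illustration, and uses constructed inputs (a data-only pickle and a pickle that merely references the harmless callable `os.getcwd`) to show what gets through and what is refused.

```python
import builtins
import io
import os
import pickle

# Assumed allow-list: the only globals a pickle stream may resolve. Anything
# else (subprocess helpers, os functions, arbitrary classes) is refused before
# the unpickler can ever instantiate or call it.
SAFE_BUILTINS = {"dict", "list", "tuple", "str", "int", "float", "bool", "bytes"}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside SAFE_BUILTINS."""

    def find_class(self, module, name):
        # find_class is called for every GLOBAL / STACK_GLOBAL opcode in the
        # stream, so this is the single choke point for what can be imported.
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads that applies the allow-list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return ('ok', obj) if the stream loads, else ('refused', reason)."""
    try:
        return "ok", restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return "refused", str(exc)


def demo():
    """Constructed inputs: a harmless data pickle and one referencing a callable.

    The second stream only names os.getcwd (it never calls it); it stands in
    for any pickle that tries to import something the application never meant
    to expose through deserialization.
    """
    trusted = pickle.dumps({"user": "alice", "roles": ["admin"]})
    reference = pickle.dumps(os.getcwd)
    return try_load(trusted), try_load(reference)


if __name__ == "__main__":
    for status, value in demo():
        print(status, value)
```

Plain `pickle.loads` would happily resolve the `os.getcwd` reference; the restricted loader rejects it at `find_class`. For data that crosses a trust boundary, a data-only format such as JSON is still the better default.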