SlideShare a Scribd company logo

Testing python security pyconweb

Jose Manuel Ortega Candel
Jose Manuel Ortega Candel

Python is a language that in a easy way allows to scale up from starter projects to complex applications for data processing and serving dynamic web pages. But as you increase complexity in your applications, it can be easy to introduce potential problems and vulnerabilities. In this talk José Manuel Ortega will talk about the common security problems in Python code, like remote command execution and SQL injections. Of course he'll show to to prevent against these and other types of vulnerabilities. https://pyconweb.com/talks/26-05-2019/testing-python-security

Technology
1 of 49
Download to read offline
Testing python security PyconWeb 2019 1 @jmortegac Testing Python Security José Manuel Ortega @jmortegac
Testing python security PyconWeb 2019 2 @jmortegac jmortega.github.io
Testing python security PyconWeb 2019 3 @jmortegac ● Develop Python scripts for automating security and pentesting tasks ● Discover the Python standard library's main modules used for performing security-related tasks ● Automate analytical tasks and the extraction of information from servers ● Explore processes for detecting and exploiting vulnerabilities in servers ● Use network software for Python programming ● Perform server scripting and port scanning with Python ● Identify vulnerabilities in web applications with Python ● Use Python to extract metadata and forensics
Testing python security PyconWeb 2019 4 @jmortegac
Testing python security PyconWeb 2019 5 @jmortegac 1. Python dangerous functions 2. Common attack vectors 3. Static analisys tools 4. Other security issues
Testing python security PyconWeb 2019 6 @jmortegac Unsafe python components
Testing python security PyconWeb 2019 7 @jmortegac Dangerous Python Functions
Testing python security PyconWeb 2019 8 @jmortegac Security issues Here’s a list of handful of other potential issues to watch for: ● Dangerous python functions like eval() ● Serialization and deserialization objects with pickle ● SQL and JavaScript snippets
Testing python security PyconWeb 2019 9 @jmortegac Improper input/output validation
Testing python security PyconWeb 2019 10 @jmortegac eval() eval(expression[, globals[, locals]])
Testing python security PyconWeb 2019 11 @jmortegac eval() No globals
Testing python security PyconWeb 2019 12 @jmortegac eval() eval("__import__('os').system('clear') ", {}) eval("__import__('os').system('rm -rf')", {})
Testing python security PyconWeb 2019 13 @jmortegac eval() Refuse access to the builtins
Testing python security PyconWeb 2019 14 @jmortegac eval() https://docs.python.org/3/library/ast.html#ast.liter al_eval
Testing python security PyconWeb 2019 15 @jmortegac Serialization and Deserialization with Pickle WARNING: pickle or cPickle are NOT designed as safe/secure solution for serialization
Testing python security PyconWeb 2019 16 @jmortegac Serialization and Deserialization with Pickle
Testing python security PyconWeb 2019 17 @jmortegac Serialization and Deserialization with Pickle
Testing python security PyconWeb 2019 18 @jmortegac Serialization and Deserialization with Pickle
Testing python security PyconWeb 2019 19 @jmortegac Serialization and Deserialization with Pickle
Testing python security PyconWeb 2019 20 @jmortegac Input injection attacks
Testing python security PyconWeb 2019 21 @jmortegac Command Injection @app.route('/menu',methods =['POST']) def menu(): param = request.form [ ' suggestion '] command = ' echo ' + param + ' >> ' + ' menu.txt ' subprocess.call(command,shell = True) with open('menu.txt','r') as f: menu = f.read() return render_template('command_injection.html', menu = menu)
Testing python security PyconWeb 2019 22 @jmortegac Command Injection @app.route('/menu',methods =['POST']) def menu(): param = request.form [ ' suggestion '] command = ' echo ' + param + ' >> ' + ' menu.txt ' subprocess.call(command,shell = False) with open('menu.txt','r') as f: menu = f.read() return render_template('command_injection.html', menu = menu)
Testing python security PyconWeb 2019 23 @jmortegac Command Injection
Testing python security PyconWeb 2019 24 @jmortegac Command Injection >>> ping('8.8.8.8; rm -rf /') 64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=6.32 ms rm: cannot remove `/bin/dbus-daemon': Permission denied rm: cannot remove `/bin/dbus-uuidgen': Permission denied rm: cannot remove `/bin/dbus-cleanup-sockets': Permission denied rm: cannot remove `/bin/cgroups-mount': Permission denied rm: cannot remove `/bin/cgroups-umount': Permission denied >>> ping('8.8.8.8; rm -rf /') ping: unknown host 8.8.8.8; rm -rf /
Testing python security PyconWeb 2019 25 @jmortegac shlex module
Testing python security PyconWeb 2019 26 @jmortegac Common attack vectors OWASP TOP 10: A1 Injection A2 Broken Authentication and Session Management A3 Cross-Site Scripting (XSS) A4 Insecure Direct Object References A5 Security Misconfiguration A6 Sensitive Data Exposure A7 Missing Function Level Access Control A8 Cross-Site Request Forgery (CSRF) A9 Using Components with Known Vulnerabilities A10 Unvalidated Redirects and Forwards
Testing python security PyconWeb 2019 27 @jmortegac SQL Injection @app.route('/filtering') def filtering(): param = request.args.get('param', 'not set') Session = sessionmaker(bind = db.engine) session = Session() result = session.query(User).filter(" username ={} ".format(param)) for value in result: print(value.username , value.email) return ' Result is displayed in console.'
Testing python security PyconWeb 2019 28 @jmortegac Prevent SQL injection attacks Prevent SQL injection attacks ● NEVER concatenate untrusted inputs in SQL code. ● Concatenate constant fragments of SQL (literals) with parameter placeholders. ● cur.execute("SELECT * FROM students WHERE name= '%s';" % name) ● c.execute("SELECT * from students WHERE name=(?)" , name)
Testing python security PyconWeb 2019 29 @jmortegac XSS from flask import Flask , request , make_response app = Flask(__name__) @app.route ('/XSS_param',methods =['GET ]) def XSS(): param = request.args.get('param','not set') html = open('templates/XSS_param.html ').read() resp = make_response(html.replace('{{ param}}',param)) return resp if __name__ == ' __main__ ': app.run(debug = True)
Testing python security PyconWeb 2019 30 @jmortegac XSS Server Side Template Injection (SSTI)
Testing python security PyconWeb 2019 31 @jmortegac XSS
Testing python security PyconWeb 2019 32 @jmortegac XSS
Testing python security PyconWeb 2019 33 @jmortegac Automated security testing Automatic Scanning tools: ● SQLMap: Sql injection ● XSScrapy: Sql injection and XSS Source Code Analysis tools: ● Bandit: Open Source and can be easily integrated with Jenkins CI/CD
Testing python security PyconWeb 2019 34 @jmortegac SQLMap
Testing python security PyconWeb 2019 35 @jmortegac SQLMap
Testing python security PyconWeb 2019 36 @jmortegac Bandit
Testing python security PyconWeb 2019 37 @jmortegac Bandit
Testing python security PyconWeb 2019 38 @jmortegac Bandit Test plugins
Testing python security PyconWeb 2019 39 @jmortegac Bandit Test plugins
Testing python security PyconWeb 2019 40 @jmortegac Bandit Test plugins
Testing python security PyconWeb 2019 41 @jmortegac Bandit Test plugins
Testing python security PyconWeb 2019 42 @jmortegac Bandit Test plugins
Testing python security PyconWeb 2019 43 @jmortegac Bandit Test plugins SELECT %s FROM derp;” % var “SELECT thing FROM ” + tab “SELECT ” + val + ” FROM ” + tab + … “SELECT {} FROM derp;”.format(var)
Testing python security PyconWeb 2019 44 @jmortegac Tools
Testing python security PyconWeb 2019 45 @jmortegac Tools
Testing python security PyconWeb 2019 46 @jmortegac Other security issues Insecure packages
Testing python security PyconWeb 2019 47 @jmortegac Interesting links https://github.com/jmortega/testing_python_security
Testing python security PyconWeb 2019 48 @jmortegac Interesting links https://security.openstack.org/#bandit-static-analysis-for-python https://security.openstack.org/guidelines/dg_use-subprocess-securely.html https://security.openstack.org/guidelines/dg_avoid-shell-true.html https://security.openstack.org/guidelines/dg_parameterize-database-querie s.html https://security.openstack.org/guidelines/dg_cross-site-scripting-xss.html https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsin g-libraries.html
Testing python security PyconWeb 2019 49 @jmortegac

Recommended

Testing python security PyCon IE
Testing python security PyCon IETesting python security PyCon IE
Testing python security PyCon IEJose Manuel Ortega Candel
 
Exceptions & Its Handling
Exceptions & Its HandlingExceptions & Its Handling
Exceptions & Its HandlingBharat17485
 
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageabilityDaniel Fisher
 
We Continue Exploring Tizen: C# Components Proved to be of High Quality
We Continue Exploring Tizen: C# Components Proved to be of High QualityWe Continue Exploring Tizen: C# Components Proved to be of High Quality
We Continue Exploring Tizen: C# Components Proved to be of High QualityPVS-Studio
 
OCP Java SE 8 Exam - Sample Questions - Exceptions and Assertions
OCP Java SE 8 Exam - Sample Questions - Exceptions and AssertionsOCP Java SE 8 Exam - Sample Questions - Exceptions and Assertions
OCP Java SE 8 Exam - Sample Questions - Exceptions and AssertionsGanesh Samarthyam
 
Building resilient services in go
Building resilient services in goBuilding resilient services in go
Building resilient services in goJaehue Jang
 
Pengenalan Unit Testing dan TDD
Pengenalan Unit Testing dan TDDPengenalan Unit Testing dan TDD
Pengenalan Unit Testing dan TDDtlabamazing
 
Php5 certification mock exams
Php5 certification mock examsPhp5 certification mock exams
Php5 certification mock examsecho liu
 

Recommended

Testing python security PyCon IE
Testing python security PyCon IETesting python security PyCon IE
Testing python security PyCon IEJose Manuel Ortega Candel
 
Exceptions & Its Handling
Exceptions & Its HandlingExceptions & Its Handling
Exceptions & Its HandlingBharat17485
 
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageabilityDaniel Fisher
 
We Continue Exploring Tizen: C# Components Proved to be of High Quality
We Continue Exploring Tizen: C# Components Proved to be of High QualityWe Continue Exploring Tizen: C# Components Proved to be of High Quality
We Continue Exploring Tizen: C# Components Proved to be of High QualityPVS-Studio
 
OCP Java SE 8 Exam - Sample Questions - Exceptions and Assertions
OCP Java SE 8 Exam - Sample Questions - Exceptions and AssertionsOCP Java SE 8 Exam - Sample Questions - Exceptions and Assertions
OCP Java SE 8 Exam - Sample Questions - Exceptions and AssertionsGanesh Samarthyam
 
Building resilient services in go
Building resilient services in goBuilding resilient services in go
Building resilient services in goJaehue Jang
 
Pengenalan Unit Testing dan TDD
Pengenalan Unit Testing dan TDDPengenalan Unit Testing dan TDD
Pengenalan Unit Testing dan TDDtlabamazing
 
Php5 certification mock exams
Php5 certification mock examsPhp5 certification mock exams
Php5 certification mock examsecho liu
 
Test Fest 2009
Test Fest 2009Test Fest 2009
Test Fest 2009Pierre Joye
 
OCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and CollectionsOCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and CollectionsGanesh Samarthyam
 
C pointers
C pointersC pointers
C pointersMd. Shafiuzzaman Hira
 
C# Exceptions Handling
C# Exceptions Handling C# Exceptions Handling
C# Exceptions Handling sharqiyem
 
The First C# Project Analyzed
The First C# Project AnalyzedThe First C# Project Analyzed
The First C# Project AnalyzedPVS-Studio
 
OCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIOCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIGanesh Samarthyam
 
Python Programming Essentials - M39 - Unit Testing
Python Programming Essentials - M39 - Unit TestingPython Programming Essentials - M39 - Unit Testing
Python Programming Essentials - M39 - Unit TestingP3 InfoTech Solutions Pvt. Ltd.
 
The Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave HaeffnerThe Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave HaeffnerSauce Labs
 
C++ The Principles of Most Surprise
C++ The Principles of Most SurpriseC++ The Principles of Most Surprise
C++ The Principles of Most SurprisePatricia Aas
 
Exception handling in java
Exception handling in javaException handling in java
Exception handling in javaAmbigaMurugesan
 
Basic structure of a c program
Basic structure of a c programBasic structure of a c program
Basic structure of a c programMumtaz Ahmad
 
Algoritmos sujei
Algoritmos sujeiAlgoritmos sujei
Algoritmos sujeigersonjack
 
Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)Patricia Aas
 
Agile mobile
Agile mobileAgile mobile
Agile mobileGodfrey Nolan
 
Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...Sebastiano Panichella
 
12 Exceptions handling
12 Exceptions handling12 Exceptions handling
12 Exceptions handlingmaznabili
 
Program structure of c
Program structure of cProgram structure of c
Program structure of cSatveer Mann
 
Web App Testing With Selenium
Web App Testing With SeleniumWeb App Testing With Selenium
Web App Testing With Seleniumjoaopmaia
 
Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)Patricia Aas
 
Handling
HandlingHandling
HandlingAmit Vats
 
Pemrograman Python untuk Pemula
Pemrograman Python untuk PemulaPemrograman Python untuk Pemula
Pemrograman Python untuk PemulaOon Arfiandwi
 
Secure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit HooksSecure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit HooksNicolas Vivet
 

More Related Content

What's hot

OCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and CollectionsOCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and CollectionsGanesh Samarthyam
 
C# Exceptions Handling
C# Exceptions Handling C# Exceptions Handling
C# Exceptions Handling sharqiyem
 
The First C# Project Analyzed
The First C# Project AnalyzedThe First C# Project Analyzed
The First C# Project AnalyzedPVS-Studio
 
OCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIOCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIGanesh Samarthyam
 
The Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave HaeffnerThe Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave HaeffnerSauce Labs
 
C++ The Principles of Most Surprise
C++ The Principles of Most SurpriseC++ The Principles of Most Surprise
C++ The Principles of Most SurprisePatricia Aas
 
Exception handling in java
Exception handling in javaException handling in java
Exception handling in javaAmbigaMurugesan
 
Basic structure of a c program
Basic structure of a c programBasic structure of a c program
Basic structure of a c programMumtaz Ahmad
 
Algoritmos sujei
Algoritmos sujeiAlgoritmos sujei
Algoritmos sujeigersonjack
 
Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)Patricia Aas
 
Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...Sebastiano Panichella
 
12 Exceptions handling
12 Exceptions handling12 Exceptions handling
12 Exceptions handlingmaznabili
 
Program structure of c
Program structure of cProgram structure of c
Program structure of cSatveer Mann
 
Web App Testing With Selenium
Web App Testing With SeleniumWeb App Testing With Selenium
Web App Testing With Seleniumjoaopmaia
 
Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)Patricia Aas
 

What's hot (20)

Test Fest 2009
Test Fest 2009Test Fest 2009
Test Fest 2009
 
OCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and CollectionsOCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and Collections
 
C pointers
C pointersC pointers
C pointers
 
C# Exceptions Handling
C# Exceptions Handling C# Exceptions Handling
C# Exceptions Handling
 
The First C# Project Analyzed
The First C# Project AnalyzedThe First C# Project Analyzed
The First C# Project Analyzed
 
OCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIOCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams API
 
Python Programming Essentials - M39 - Unit Testing
Python Programming Essentials - M39 - Unit TestingPython Programming Essentials - M39 - Unit Testing
Python Programming Essentials - M39 - Unit Testing
 
The Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave HaeffnerThe Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave Haeffner
 
C++ The Principles of Most Surprise
C++ The Principles of Most SurpriseC++ The Principles of Most Surprise
C++ The Principles of Most Surprise
 
Exception handling in java
Exception handling in javaException handling in java
Exception handling in java
 
Basic structure of a c program
Basic structure of a c programBasic structure of a c program
Basic structure of a c program
 
Algoritmos sujei
Algoritmos sujeiAlgoritmos sujei
Algoritmos sujei
 
Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)
 
Agile mobile
Agile mobileAgile mobile
Agile mobile
 
Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...
 
12 Exceptions handling
12 Exceptions handling12 Exceptions handling
12 Exceptions handling
 
Program structure of c
Program structure of cProgram structure of c
Program structure of c
 
Web App Testing With Selenium
Web App Testing With SeleniumWeb App Testing With Selenium
Web App Testing With Selenium
 
Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)
 
Handling
HandlingHandling
Handling
 

Similar to Testing python security pyconweb

Pemrograman Python untuk Pemula
Pemrograman Python untuk PemulaPemrograman Python untuk Pemula
Pemrograman Python untuk PemulaOon Arfiandwi
 
Secure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit HooksSecure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit HooksNicolas Vivet
 
Effective testing with pytest
Effective testing with pytestEffective testing with pytest
Effective testing with pytestHector Canto
 
Quality of life through Unit Testing
Quality of life through Unit TestingQuality of life through Unit Testing
Quality of life through Unit TestingSian Lerk Lau
 
Security Testing
Security TestingSecurity Testing
Security TestingKiran Kumar
 
Тестирование и Django
Тестирование и DjangoТестирование и Django
Тестирование и DjangoMoscowDjango
 
Python Network Programming – Course Applications Guide
Python Network Programming – Course Applications GuidePython Network Programming – Course Applications Guide
Python Network Programming – Course Applications GuideMihai Catalin Teodosiu
 
Seven Peaks Speaks - Compose Screenshot Testing Made Easy
Seven Peaks Speaks - Compose Screenshot Testing Made EasySeven Peaks Speaks - Compose Screenshot Testing Made Easy
Seven Peaks Speaks - Compose Screenshot Testing Made EasySeven Peaks Speaks
 
Mastering Mock Objects - Advanced Unit Testing for Java
Mastering Mock Objects - Advanced Unit Testing for JavaMastering Mock Objects - Advanced Unit Testing for Java
Mastering Mock Objects - Advanced Unit Testing for JavaDenilson Nastacio
 
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...Wim Selles
 
Taking Jenkins Pipeline to the Extreme
Taking Jenkins Pipeline to the ExtremeTaking Jenkins Pipeline to the Extreme
Taking Jenkins Pipeline to the Extremeyinonavraham
 
Testing the frontend
Testing the frontendTesting the frontend
Testing the frontendHeiko Hardt
 
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...Sunaina Pai
 
What do you mean it needs to be Java based? How jython saved the day.
What do you mean it needs to be Java based? How jython saved the day.What do you mean it needs to be Java based? How jython saved the day.
What do you mean it needs to be Java based? How jython saved the day.Mark Rees
 
Workshop quality assurance for php projects tek12
Workshop quality assurance for php projects tek12Workshop quality assurance for php projects tek12
Workshop quality assurance for php projects tek12Michelangelo van Dam
 
pytest로 파이썬 코드 테스트하기
pytest로 파이썬 코드 테스트하기pytest로 파이썬 코드 테스트하기
pytest로 파이썬 코드 테스트하기Yeongseon Choe
 

Similar to Testing python security pyconweb (20)

Pemrograman Python untuk Pemula
Pemrograman Python untuk PemulaPemrograman Python untuk Pemula
Pemrograman Python untuk Pemula
 
Secure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit HooksSecure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit Hooks
 
Effective testing with pytest
Effective testing with pytestEffective testing with pytest
Effective testing with pytest
 
Quality of life through Unit Testing
Quality of life through Unit TestingQuality of life through Unit Testing
Quality of life through Unit Testing
 
Python para equipos de ciberseguridad
Python para equipos de ciberseguridad Python para equipos de ciberseguridad
Python para equipos de ciberseguridad
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Тестирование и Django
Тестирование и DjangoТестирование и Django
Тестирование и Django
 
Zone IDA Proc
Zone IDA ProcZone IDA Proc
Zone IDA Proc
 
Django
DjangoDjango
Django
 
Python Network Programming – Course Applications Guide
Python Network Programming – Course Applications GuidePython Network Programming – Course Applications Guide
Python Network Programming – Course Applications Guide
 
Seven Peaks Speaks - Compose Screenshot Testing Made Easy
Seven Peaks Speaks - Compose Screenshot Testing Made EasySeven Peaks Speaks - Compose Screenshot Testing Made Easy
Seven Peaks Speaks - Compose Screenshot Testing Made Easy
 
Mastering Mock Objects - Advanced Unit Testing for Java
Mastering Mock Objects - Advanced Unit Testing for JavaMastering Mock Objects - Advanced Unit Testing for Java
Mastering Mock Objects - Advanced Unit Testing for Java
 
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...
 
Taking Jenkins Pipeline to the Extreme
Taking Jenkins Pipeline to the ExtremeTaking Jenkins Pipeline to the Extreme
Taking Jenkins Pipeline to the Extreme
 
Testing the frontend
Testing the frontendTesting the frontend
Testing the frontend
 
ADLAB.pdf
ADLAB.pdfADLAB.pdf
ADLAB.pdf
 
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...
 
What do you mean it needs to be Java based? How jython saved the day.
What do you mean it needs to be Java based? How jython saved the day.What do you mean it needs to be Java based? How jython saved the day.
What do you mean it needs to be Java based? How jython saved the day.
 
Workshop quality assurance for php projects tek12
Workshop quality assurance for php projects tek12Workshop quality assurance for php projects tek12
Workshop quality assurance for php projects tek12
 
pytest로 파이썬 코드 테스트하기
pytest로 파이썬 코드 테스트하기pytest로 파이썬 코드 테스트하기
pytest로 파이썬 코드 테스트하기
 

More from Jose Manuel Ortega Candel

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfJose Manuel Ortega Candel
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfJose Manuel Ortega Candel
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfJose Manuel Ortega Candel
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfJose Manuel Ortega Candel
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudJose Manuel Ortega Candel
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Jose Manuel Ortega Candel
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Jose Manuel Ortega Candel
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sJose Manuel Ortega Candel
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Jose Manuel Ortega Candel
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanJose Manuel Ortega Candel
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamJose Manuel Ortega Candel
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsJose Manuel Ortega Candel
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorJose Manuel Ortega Candel
 
Machine Learning para proyectos de seguridad(Pycon)
Machine Learning para proyectos de seguridad(Pycon)Machine Learning para proyectos de seguridad(Pycon)
Machine Learning para proyectos de seguridad(Pycon)Jose Manuel Ortega Candel
 

More from Jose Manuel Ortega Candel (20)

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdf
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdf
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdf
 
Computación distribuida usando Python
Computación distribuida usando PythonComputación distribuida usando Python
Computación distribuida usando Python
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloud
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8s
 
Implementing cert-manager in K8s
Implementing cert-manager in K8sImplementing cert-manager in K8s
Implementing cert-manager in K8s
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue Team
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source tools
 
Python Memory Management 101(Europython)
Python Memory Management 101(Europython)Python Memory Management 101(Europython)
Python Memory Management 101(Europython)
 
SecDevOps containers
SecDevOps containersSecDevOps containers
SecDevOps containers
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collector
 
Machine Learning para proyectos de seguridad(Pycon)
Machine Learning para proyectos de seguridad(Pycon)Machine Learning para proyectos de seguridad(Pycon)
Machine Learning para proyectos de seguridad(Pycon)
 

Recently uploaded

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 

Recently uploaded (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 

Testing python security pyconweb