Have you ever thought about IT Security when coding your Python application? If not, you are not alone – but also not safe.

Just recently, a research study counted almost 4000 secrets published on PyPI. Most of the secrets such as AWS Keys, Google API Keys or database credentials were most likely leaked accidentally. Leaked credentials top the list of entry points for attackers into protected areas. In this talk you’ll gain insights into how malicious attacks on Python applications are performed – and most importantly, how to protect yourself against them.

We’ll kick off with a basic review of how to crack a password with brute force and continue with the most important IT Security principles. After understanding the importance of adhering to common security precautions, we will dive into Python coding hygiene. Where do the most common vulnerabilities lie? How can we strengthen the security of our code? We’ll cover secure coding practices such as code analysis, input validation and dependency vulnerabilities in theory and practice. Lastly, we will look at some case studies of common attacks on Python code and how to protect yourself against them.

If you have never thought about security aspects in Python, this talk is for you!

Antonia Scherz

Affiliation: PD

Antonia Scherz is senior specialist for machine learning applications at PD - Berater der öffentlichen Hand in Berlin. At PD she builds proof of concept tools and assists in software development for machine learning applications in public administration. She is passionate about making machine learning and open software tools widely and securely used by public administration and is fascinated by how new tools can be integrated into old structures for the public good.

Roman Krafft