Have you ever thought about IT Security when coding your Python application? If not, you are not alone – but also not safe.

Just recently, a research study counted almost 4000 secrets published on PyPI. Most of the secrets, such as AWS Keys, Google API Keys or database credentials, were most likely leaked accidentally. Leaked credentials top the list of entry points for attackers into protected areas. In this talk you’ll gain insights into how malicious attacks on Python applications are performed – and most importantly, how to protect yourself against them.

We’ll kick off with a basic review of how to crack a password, not only with brute force, and continue with the most important IT Security principles. After understanding the importance of adhering to common security precautions, we will dive into Python coding hygiene. Where do the most common vulnerabilities lie? How can we strengthen the security of our code? We’ll cover secure coding practices such as code analysis, input validation and dependency vulnerabilities in theory and practice. Lastly, we will look at some case studies of common attacks on Python code and how to protect yourself against them.

If you have never thought about security aspects in Python, this talk is for you!

Antonia Scherz

Affiliation: PD

Antonia Scherz is a senior specialist for machine learning applications at PD - Berater der öffentlichen Hand in Berlin. At PD she builds proof of concept tools and assists in software development for machine learning applications in public administration. She is passionate about making machine learning and open software tools widely and securely used by public administration and is fascinated by how new tools can be integrated into old structures for the public good.

Roman Krafft

Roman Krafft has been employed at PD - Consultant of the Public Sector GmbH since June 2021 and has worked there as a senior specialist since October 2023. He oversees projects in the strategic administrative modernization division with a focus on software development and machine learning.

Roman Krafft studied computer science (Bachelor of Science degree) at the Technical University of Kaiserslautern from 2014 to 2018 and then studied computer science (Master of Science degree) at the same university from 2018 to 2021.