2022-06-28, 15:30–16:20, Main Hall
The Python ecosystem and community have made a lot of progress on security and security awareness, but the common OWASP Top 10 mistakes still happen in the real world.
Python gives developers multiple tools and best practices to avoid common security issues and vulnerabilities. However, real-life requirements, obstacles and deadlines can sometimes cause good developers to produce insecure code that is vulnerable to common OWASP Top 10 attacks such as authorization bypass, SQL injection and cross-site scripting (XSS).
This presentation shows examples based on real-life vulnerabilities we encounter at CYE in our day-to-day penetration testing for clients, pairing each vulnerable code sample with its mitigation.
Attacks and threats - OWASP Top 10

* Parameter Tampering
* SQL Injection
* XSS / PXSS
* Malicious File Upload

Mitigations

* Parameterized Queries and ORM
* Hardening: Authorizations + Views
* Authorization and permission checks
* Input Validation
* Output HTML Encoding
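The three mitigations below (parameterized queries, object-level authorization checks, and output HTML encoding) are shown here side by side with the mistake each one prevents. This is an added example, not code from the talk or from CYE; the table layout, the user and document rows, and the function names are constructed for the demo.

```python
import html
import sqlite3

# Constructed sample data for the demo (not real client data).
USERS = [
    (1, "alice", "alice-secret"),
    (2, "bob", "bob-secret"),
]
DOCUMENTS = [
    (10, 1, "alice's private notes"),
    (20, 2, "bob's private notes"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)")
    conn.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", DOCUMENTS)
    return conn


# --- SQL injection -----------------------------------------------------------

def find_user_vulnerable(conn, username):
    """Builds the query by string formatting, so the input becomes part of the SQL."""
    query = f"SELECT username, secret FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Parameterized query: the driver binds the value separately, so it can never alter the SQL."""
    return conn.execute(
        "SELECT username, secret FROM users WHERE username = ?", (username,)
    ).fetchall()


# --- Parameter tampering / missing object-level authorization -----------------

def get_document_vulnerable(conn, doc_id):
    """Trusts the id from the request and never asks who is calling (IDOR)."""
    row = conn.execute("SELECT body FROM documents WHERE id = ?", (doc_id,)).fetchone()
    return row[0] if row else None


def get_document_safe(conn, doc_id, caller_id):
    """Scopes the lookup to the authenticated caller; a tampered id yields nothing."""
    row = conn.execute(
        "SELECT body FROM documents WHERE id = ? AND owner_id = ?", (doc_id, caller_id)
    ).fetchone()
    return row[0] if row else None


# --- Cross-site scripting -----------------------------------------------------

def render_greeting_vulnerable(display_name):
    """Reflects user input straight into the HTML response."""
    return f"<p>Hello, {display_name}!</p>"


def render_greeting_safe(display_name):
    """HTML-encodes the value on output, so markup in the input is rendered as text."""
    return f"<p>Hello, {html.escape(display_name, quote=True)}!</p>"


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print(find_user_vulnerable(conn, payload))        # every user's secret
    print(find_user_safe(conn, payload))              # []
    print(get_document_vulnerable(conn, 10))          # bob can read alice's notes
    print(get_document_safe(conn, 10, caller_id=2))   # None
    print(render_greeting_vulnerable("<script>alert(1)</script>"))
    print(render_greeting_safe("<script>alert(1)</script>"))
```

The same `?` binding is what an ORM such as Django's QuerySet API or SQLAlchemy does for you underneath; the injection risk reappears only when you format user input into `raw()` or `text()` queries yourself. Note that the authorization fix is a query-shape change, not input validation: a well-formed integer id is still an attack when it belongs to someone else.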