PyCon Israel 2022

πŸ‡ΊπŸ‡Έ Python common security mistakes in 2022
2022-06-28, 15:30–16:20, Main Hall

The Python eco-system and community made a lot of progress in terms of security and security awareness, but common OWASP top 10 mistakes still happen in the real world.

Python gives developers multiple tools and best practices to avoid common security issues and vulnerabilities. However, real life requirements, obstacles and deadlines can sometimes cause good developers to produce insecure code that is vulnerable to common OWASP top 10 attacks like Authorization Bypass, SQL Injection and Cross Site Scripting (XSS).

This presentation shows examples based on real-life vulnerabilities we encounter at CYE in our everyday penetration testing of our clients, with vulnerable code examples and mitigations.

Presentation outline:
Attack and threats - OWASP Top 10 * Parameter Tampering * SQL Injections * XSS\PXSS * Malicious File Upload

Mitigations * Parameterized Queries and ORM * Hardening: Authorizations + Views * Authorization and permission checks * Input Validation * Output HTML Encoding

Session language – English Target audience – Developers