[Pycon] [new paper] "Tilak T" - Securing a Python applications

info a pycon.it
Thu 3 Jan 2019 15:45:52 CET


Title: Securing a Python applications
Duration: 240 (includes Q&A)
Q&A Session: 0
Language: en
Type: Training

Abstract: Web Applications and Web-Services are taking over the world. It is accelerating because of its ease and flexibility. Developers often use and develop applications because it's exciting to work with. But they forget about security, which leads to compromised and exploited applications. I find that vulnerabilities like Insecure Deserialization, XML External Entities, Server-Side Template Injection and Authorization Flaws are quite prevalent. I find that there are some simple steps that engineering teams can take towards finding and fixing such vulnerabilities as early as possible. This workshop is meant to be a holistic perspective on finding and fixing some uncommon flaws that will be replete with anecdotes and examples of secure and insecure code. I will also delve into automating SAST and DAST tools using RobotFramework to identify such flaws in Python and fixing those vulnerabilities.

Session 1:
 1. Introduction to Common Vulnerabilities in Python Applications
    1. Introduction to Vulnerabilities
    2. OWASP Top 10 Vulnerabilities
    3. Lab
       a. Exploiting Vulnerability
       b. Mitigating Vulnerability
 2. Unique Vulnerabilities in Python Applications
    1. What are the Unique Vulnerabilities

Session 2:
    2. Lab
       a. Exploiting Vulnerability
       b. Mitigating Vulnerability
 3. Mitigating the Vulnerability using Tools
    a. What is SCA
       a. Lab
    b. What is SAST
       b. Lab
    c. What is DAST
       c. Lab
    d. Dev pipeline


Any developer interested in securing their Python application can benefit by attending this workshop. It will be filled with demo and lab sessions that will showcase multiple ways of breaking and securing applications, including the OWASP-2017 TOP-10 Vulnerabilities!
Detailed instructions for the examples used will be provided to all attendees. This will help them practise and test their own applications at a later stage.

Tags: #PostrgreSQL, API Management, application-design, django, web-applications, Python, #data, #security, #deployment, application-development, network-vulnerability, devop, django-rest-framework, flask, security, #github

