Everyday security issues and how to avoid them

By Christian Heimes

Elevator Pitch

Security is hard, yet vital for any software these days. This talk will take you on a brief tour in secure software design, illustrate common security issues, and point you to helpful tools and resources. Topics include threat analysis, deployment, parsing, authentication, TLS/SSL, crypto, and more.

Description

These days virtually all software and computer hardware is connected to the internet. Ultimately the internet is a hostile place and filled with people that will attempt to abuse any vulnerability for fun, profit or more sinister reasons. Therefore every software developer and administrator should have at least a basic understanding of how to develop and run code securely. After all you don’t want to become the laughing stock on Hacker News or cause your company to lose billions in shareholder value.

This talk won’t turn you into a security specialist overnight, but you will learn how to avoid common mistakes in your daily work. I will introduce you to best practices and prevalent security bugs, hilarious anecdotes and some real life examples from my daily work as a security engineer and Python core contributor.

Notes

In the Python community I’m known as the maintainer of CPython’s ssl and hashlib modules as well as a contributor to the Python security team. In my professional life I work as a security engineer in the areas of identity management and container security at Red Hat. I have given similar talks about security in the past. You can find a selection of my presentations on Speaker Deck, https://speakerdeck.com/tiran/ . I have proposed the same talk for PyCon UK in October.

25 minutes are too short to explore a topic in depth. Instead I’m going to cover a bunch of topics in breadth with simple examples from various areas. I believe that this approach is going to make the talk more appealing and entertaining for less experienced attendees. The target audience is admins, teachers, and developers with at least a basic understanding of Python and networking.