Python common security mistakes in 2022
Python gives developers multiple tools and best practices to avoid common security issues and vulnerabilities. However, real-life requirements, obstacles and deadlines can sometimes cause good developers to produce insecure code that is vulnerable to common OWASP Top 10 attacks such as authorization bypass, SQL injection and Cross-Site Scripting (XSS).
This presentation shows examples based on real-life vulnerabilities we encounter at CYE in our everyday penetration testing of our clients, with vulnerable code examples and mitigations.
Presentation outline:

Attacks and threats - OWASP Top 10
* Parameter Tampering
* SQL Injections
* XSS / PXSS
* Malicious File Upload

Mitigations
* Parameterized Queries and ORM
* Hardening: Authorizations + Views
* Authorization and permission checks
* Input Validation
* Output HTML Encoding
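The following is an added example, not code from the presentation or from CYE, that puts three of the outlined attack/mitigation pairs side by side in plain Python: a string-formatted query beside its parameterized form (SQL injection), an object lookup that trusts a client-supplied id beside one that checks ownership with the caller id taken from the session (parameter tampering / authorization check), and raw HTML interpolation beside `html.escape` (output HTML encoding), plus a minimal input validator for the id. The in-memory SQLite schema, the user and document rows, and the function names are all constructed for the illustration.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory database for the demo (not a real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "user"), (2, "bob", "user"), (3, "admin", "admin")],
    )
    conn.executemany(
        "INSERT INTO docs VALUES (?, ?, ?)",
        [(10, 1, "alice's notes"), (11, 2, "bob's <secret> plan")],
    )
    return conn


# --- SQL injection: string formatting vs. parameterized query ---------------

def find_user_vulnerable(conn, username):
    # The username is pasted into the statement text, so a value containing
    # a quote changes the query's meaning and the WHERE clause can be widened
    # to match every row.
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # Parameterized query: the driver sends the value separately from the
    # statement, so the input is always treated as data, never as SQL.
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()


# --- Input validation: reject anything that is not a plain integer id ------

def parse_doc_id(raw):
    # Allow-list validation of the request parameter before it reaches any
    # lookup; a digit-only string is the only accepted shape.
    if not isinstance(raw, str) or not raw.isdigit():
        raise ValueError("doc id must be a positive integer string")
    return int(raw)


# --- Parameter tampering / authorization: ownership must be checked --------

def get_doc_vulnerable(conn, current_user_id, doc_id):
    # Parameterized, so not injectable, but the lookup ignores who is asking:
    # any authenticated user can read any document by changing the id.
    return conn.execute(
        "SELECT id, owner_id, title FROM docs WHERE id = ?", (doc_id,)
    ).fetchone()


def get_doc_safe(conn, current_user_id, doc_id):
    # Ownership is part of the query and current_user_id comes from the
    # server-side session, not from the request, so tampering with doc_id
    # only ever yields the caller's own rows.
    row = conn.execute(
        "SELECT id, owner_id, title FROM docs WHERE id = ? AND owner_id = ?",
        (doc_id, current_user_id),
    ).fetchone()
    if row is None:
        # Same response for "missing" and "not yours" avoids leaking existence.
        raise PermissionError("document not found")
    return row


# --- Output HTML encoding -----------------------------------------------------

def render_vulnerable(title):
    # Untrusted text dropped straight into markup: any tags in it become
    # part of the page (stored/reflected XSS).
    return f"<h1>{title}</h1>"


def render_safe(title):
    # html.escape (quote=True by default) turns <, >, &, " and ' into
    # entities, so the title renders as text rather than markup.
    return f"<h1>{html.escape(title)}</h1>"


def demo():
    """Run the vulnerable and hardened variants and return their results."""
    conn = make_db()
    widened = "' OR '1'='1"  # constructed sample input that breaks the string-formatted query
    return {
        "vuln_rows": len(find_user_vulnerable(conn, widened)),
        "safe_rows": len(find_user_safe(conn, widened)),
        "bob_doc_seen_by_alice_vuln": get_doc_vulnerable(conn, 1, parse_doc_id("11"))[2],
        "bob_doc_seen_by_bob_safe": get_doc_safe(conn, 2, parse_doc_id("11"))[2],
        "escaped": render_safe("bob's <secret> plan"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Each pair is deliberately minimal so the difference is visible in one line: the safe query changes only how the value reaches the driver, the safe lookup changes only the WHERE clause and where the user id comes from, and the safe renderer changes only the encoding step. The same pattern carries over to an ORM (filter on the owner column with the session user) and to a template engine with auto-escaping enabled.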