# Protected Python: It's time we had 'the talk'
## Elevator Pitch
Today, developers and users of Python are attacked on a daily basis, most of the time
without their knowledge. We need to be more aware of these attacks and weaknesses so
that we can make better-informed design decisions for our Python code. In this talk, we'll
go over some of the biggest vulnerabilities developers face and how to protect against
them.
## Description
Today, developers and users of Python are attacked on a daily basis, most of the time
without their knowledge. We need to be more aware of these attacks and weaknesses so
that we can make better-informed design decisions for our Python code.
In this talk we'll go over some of the major issues developers face when it comes to
writing Python applications and applying cybersecurity principles. These include:
* typo squatting of pip packages
* using the `eval` function on untrusted code
* using untrusted `pickle`'d data
* using old/outdated packages
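Two of the issues above in code, as an added example that is not part of this proposal: the `eval` call beside `ast.literal_eval`, and an untrusted pickle stream that runs a function during loading beside an `Unpickler` subclass that refuses it. The `parse_config`, `_payload_ran`, `Malicious` and `RestrictedUnpickler` names, and the allowlist in it, are constructed for the demonstration.

```python
"""Added example (not part of the proposal): eval and pickle on untrusted
input, each beside a safer alternative. parse_config, _payload_ran,
Malicious and RestrictedUnpickler are constructed for this demonstration."""
import ast
import io
import pickle

# ---- 1. eval on untrusted input ------------------------------------------

def parse_config(text, use_eval=False):
    """Parse a config value received from an untrusted source.

    use_eval=True is the vulnerable path: eval runs arbitrary Python, so a
    "value" like "__import__('os').system('id')" executes on the host.
    The default uses ast.literal_eval, which only accepts Python literals
    (strings, numbers, tuples, lists, dicts, sets, booleans, None) and
    raises ValueError or SyntaxError on names, calls and operators.
    Returns ("ok", value) or ("rejected", exception_name).
    """
    try:
        value = eval(text) if use_eval else ast.literal_eval(text)
    except (ValueError, SyntaxError) as exc:
        return ("rejected", type(exc).__name__)
    return ("ok", value)

# ---- 2. untrusted pickle -------------------------------------------------

SIDE_EFFECTS = []  # records whether a payload function actually ran

def _payload_ran(tag):
    """Stand-in for os.system: records the call instead of doing damage."""
    SIDE_EFFECTS.append(tag)
    return tag

class Malicious:
    """Pickling this object emits a stream that tells the unpickler to call
    _payload_ran("pwned") while loading, before the caller sees a result.
    A real attacker would reference os.system or subprocess.Popen instead."""
    def __reduce__(self):
        return (_payload_ran, ("pwned",))

def build_malicious_pickle():
    """Constructed attacker input: the bytes a victim might receive."""
    return pickle.dumps(Malicious())

def build_benign_pickle():
    """Constructed honest input: a plain dict, no globals referenced."""
    return pickle.dumps({"debug": True})

class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: an allowlist of the globals a stream may import.
    Anything else, including the _payload_ran reference above, is refused
    before it is resolved, let alone called."""
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}  # extend per application

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def unpickle_untrusted(data, restricted=True):
    """Load pickle bytes from an untrusted source.

    Returns ("ok", obj, effects) or ("rejected", message, effects), where
    effects lists the payload calls that ran during loading.
    """
    del SIDE_EFFECTS[:]
    try:
        if restricted:
            obj = RestrictedUnpickler(io.BytesIO(data)).load()
        else:
            obj = pickle.loads(data)  # vulnerable path
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc), list(SIDE_EFFECTS))
    return ("ok", obj, list(SIDE_EFFECTS))

if __name__ == "__main__":
    print(parse_config("{'debug': True, 'port': 8080}"))
    print(parse_config("__import__('os').getpid()"))
    payload = build_malicious_pickle()
    print(unpickle_untrusted(payload, restricted=False))
    print(unpickle_untrusted(payload))
```

The restricted unpickler only stops streams that need to import a global; if the data does not have to be a Python object at all, a format with no code-execution path such as JSON is the simpler fix.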
Additionally we'll cover different ways to protect yourself from these attacks:
* checking signed packages
* using package managers such as conda to keep packages updated
* using the package `safety` to run checks
* make sure the package you're installing is the correct package
## Notes
I work at NASA's Jet Propulsion Laboratory as a Software Assurance Engineer where I work
with a team of other engineers in identifying and assuring different aspects of
cybersecurity practices and principles.