If your Python application has users, you should be worried about security. This talk will cover advanced material, highlighting common mistakes. Topics will include hashing and salts, timing attacks, serialization, and much more. Expect eye opening demos, and an urge to go fix your code right away.
If your Python application has users (even if it's used offline), you should be worried about security. This talk will cover advanced material, highlighting common mistakes.
Hashing and encryption can be tricky to get right. We'll discuss when to use hashing to sign data, and how to choose the right encryption algorithm (spoiler: don't). We'll demonstrate length extension attacks, and discuss how to prevent them.
Another common mistake is the incorrect use of pseudo-random number generators. We'll discuss the fix, and some of the dangers associated with it.
Timing attacks are relatively exotic, but as applications move into shared data centers (and shared virtual machines) they have become easier to implement and more dangerous. They're a very common class of bugs, but fixing them (and proving they're fixed) can be difficult.
Pickle is a common and easy to use serialization format for Python objects. Unfortunately, it's also insecure when attackers can send or modify the pickled data. We'll discuss strategies for signing pickled objects, and alternate serialization formats.
The final portion of the talk will discuss a meta security problem within the Python community. I'll be demonstrating live code that can compromise even the most locked down of servers, and discussing the steps we need to take as a community to mitigate this threat moving forward.
Nobody thinks you have to be a performance expert to write performance tests- why assume that you have to be a security expert to write security tests? During this presentation I'll show you how to use fuzzers, attack tools, and other simple techniques to help protect your users, improve the strength of your existing tests, and gain confidence in the security of your code. There will be demos!
Fundamentally, testing is about gaining confidence in the properties of your system- confidence that a refactor preserves behavior, that a new feature doesn't hurt performance, that your code is correct and operates as expected.
Unfortunately, such tests seldom include the adversarial assumption- that one of your users (or admins, or ...) is out to get you. The goal of security testing is to cover this gap by building the tools to ensure that your code will not fail, even when an unusually clever or determined attacker tries to take you down.
The talk is therefore divided into two major parts. The first ('mocking with malice') focuses on how to improve your existing test sequence and add the adversarial assumption. The second ('how to build a bad user') aims to help developers better understand their attack surface, the capabilities of their adversaries, and the tools available to help defeat them.
By the end of the talk, developers should have a strong understanding of how to build security testing into their test regimen and how it can help them gain confidence in their code and better protect their users.
7th–15th March 2012