Description
This presentation is an introduction to securing your Python web application. I am definitely not a security expert, just a developer who thinks security should be everyone's job. That's right. It's your responsibility too. Hopefully I can soften the blow by giving you a beginner's guide to security. That's me, the beginner.
We will pick apart an example Python web application to demonstrate good security practices, along with examples and explanations of why they are important.
I'll cover a few different web security topics:
- Not trusting any input from your users
- Authentication and session management
- Using HTTPS effectively
- Things not to do in client land
- Obvious mistakes
- Not-so-obvious mistakes
If you have written a web application and not thought twice about security, this talk is for you. If you can name the OWASP Top 10, then you can come along anyway and ask me a really tricky question at the end.