Given recent increases in hostile attacks on internet services and large scale surveillance operations by certain unnamed government organizations, security in our software is becoming ever more important. We'll give you an idea of how modern crypto works in web services and clients, look at some of the common flaws in these crypto implementations, and discuss recent developments in TLS. Abstract In this talk I'll explain what happens behind the scenes when we try to establish a secure connection to a web site. I'll cover the common security flaws in popular TLS implementations like OpenSSL, and show how these issues can be avoided if we have a well-designed TLS implementation in a high level language like Python.
Finally, I'll demonstrate and discuss how the API design of OpenSSL leads to application bugs, and a lack of abstract secure defaults leads to insecure applications.
Bio Ashwini is a Software Engineer at Eventbrite, and an open source developer living in San Francisco. In the past, she has worked on a pure Python TLS implementation through the Stripe Open Source Retreat, an asynchronous event-driven networking framework - Twisted, and a PHP implementation in RPython called HippyVM. She also served as a Director of the Python Software Foundation last year.