PyCon Pittsburgh. April 15-23, 2020.

Talk: How Real-world Python Applications Get Compromised

Presented by:

Joseph DeMesy, Dan Petro

Description

From templating engines to filesystem interactions, contemporary Python development encompasses an array of moving parts that interact with one another to compose an application. These complex interactions can lead to subtle flaws that result in catastrophic security failures. We’ll demonstrate the techniques we use to break into Python web applications and APIs, based on real-world examples, and show how to fix these types of issues in your own applications.

If you’re a developer but haven’t seen security from the attacker’s perspective before, then this talk will show you the ropes.