PyCon 2019 | Hands-On Web Application Security with Django

PyCon 2019 | Hands-On Web Application Security with Django

Speaker: Jacinda Shelly

XSS, SQL Injections and Improper Authorization, oh my! Between the OWASP Top 10, CSRF, stealing sessions, and DDOS attacks, have you ever felt that the world of web security was too complex to understand? Do you find yourself wishing that you understood what those acronyms *really* translate to in a live web application?

If so, then this is the tutorial you’ve been waiting for. In this tutorial, we’ll cover essential topics in web security, including the majority of the OWASP Top 10, but we *won’t* be doing it in a theoretical manner. We’ll take a live, deliberately insecure web application, identify the vulnerabilities, exploit them, and finally fix them. Sound cool? It is!

Topics include the following:

• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF)
• Cookies and how they can be abused
• Why default passwords are dangerous
• Improper authorization checking
• Incorrect Session Management
• SQL Injection
• How to abuse Pickle
• And more!

You’ll also learn next steps and we’ll provide suggested resources for continuing your security education.

While previous experience with Django is not required, it is recommended. You should have an understanding of how web applications work in general and have completed the official [Django Tutorial](https://docs.djangoproject.com/en/2.1…) or something substantially similar.

Slides can be found at: https://speakerdeck.com/pycon2019 and https://github.com/PyCon/2019-slides