Insecure Things to Avoid in Python

This talk describes various things in Python that, if used incorrectly, can lead to security risks. It shows examples of insecure serialization that can lead to remote code execution, how an attacker can leverage them, and ways to fix the problem (at least for the yaml module). It also shows ways to exploit eval calls that someone attempted to sandbox, and describes pwnlib.safeeval, which can be used to evaluate expressions (and more) in a secure fashion. Finally, it describes a Python reversing challenge from the Python Challenges competition hosted at the PyCon PL conference.

Resources:

Presented at

Authored by

  • Dominik 'disconnect3d' Czarnota