Talk Python To Me

#485: Secure coding for Python with SheHacksPurple

Nov 15, 2024
Tanya Janca, also known as SheHacksPurple, is an application security expert passionate about securing software. In this discussion, she shares valuable insights on threat modeling and secure coding practices in Python. Tanya emphasizes the need for early security integration and collaboration in development teams. She highlights the challenges faced by new developers and real-life vulnerabilities like SQL injection. The conversation encourages adopting updated technologies and best practices to build a strong security culture within programming teams.
ANECDOTE

Live Demo Sparked Immediate Fixes

  • Tanya demonstrated SQL injection in a capture-the-flag and logged in without a password, shocking an attendee.
  • The attendee fixed three vulnerabilities at work that night after being shown the exploit.
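The login bypass behind that demo, as an added Python example that is not from the episode or from Tanya Janca: a login query assembled by string formatting beside its parameterized form, both run against a constructed in-memory SQLite table (the user, hashing scheme and table layout are assumptions, not the CTF's real ones).

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data: one user with a hashed password (placeholder scheme).
_DB = sqlite3.connect(":memory:")
_DB.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
_DB.execute(
    "INSERT INTO users VALUES (?, ?)",
    ("alice", hashlib.sha256(b"correct horse").hexdigest()),
)
_DB.commit()


def login_vulnerable(username: str, password: str) -> bool:
    """'Before' form: user input is pasted into the SQL text, so the database
    cannot tell data from code. A username that closes the string literal and
    comments out the rest removes the password check entirely, which is the
    no-password login the episode describes."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = (
        f"SELECT 1 FROM users WHERE username = '{username}' "
        f"AND pw_hash = '{pw_hash}'"
    )
    return _DB.execute(query).fetchone() is not None


def login_parameterized(username: str, password: str) -> bool:
    """Hardened form: the placeholder sends the value separately from the SQL
    text, so whatever the username contains is compared as a literal string."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = _DB.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    # Constant-time comparison so the check does not leak hash bytes via timing.
    return row is not None and hmac.compare_digest(row[0], pw_hash)
```

The regression test a team would keep after such a fix is the crafted username against both functions: the formatted query accepts it with an empty password, the parameterized one rejects it.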
INSIGHT

Threat Modeling Is Early Risk Reduction

  • Threat modeling is structured 'evil brainstorming' with security, dev, and product owners collaborating to find what could go wrong.
  • Early design fixes reduce cost and greatly lower risk compared to late-stage changes.
ADVICE

Embed Security Support Early

  • Support developers with tools, training, and clear security requirements early rather than surprise them at the end.
  • Embed AppSec as a collaborator that provides authentication, authorization, rate-limiting, and guidance during design.