I’m hoping to put together a post with all the text of my talk and slides in a non-video format (because I like having my talks in non-talk format!), but in the meantime, enjoy the video of the talk I gave at PyCon this year!
The talk is on Python Security Tools, because I found at work that we didn’t have good training on how to secure Python, and when I went to fix that, I found out that even Google searches for “how do I secure python?” weren’t telling people the things I think they should know about securing their Python code. So clearly there’s a need!
While high-level security concepts may transcend languages, each language has its own sets of tools and edge cases that are worth knowing. Python is one of many popular languages that is rarely the focus in security training, but that doesn’t mean Python code is automatically secure (no matter what the internet tells you). Learn why people who say “pylint will help you with security” aren’t doing you any favours and how to use Bandit for security-focused linting, and hear about other options for static analysis. Take a deeper look at why scanning for publicly known vulnerabilities is complicated, and how to use Pyup Safety to make it easier. We’ll also explore some language myths and best practices.
On a personal note, speaking at PyCon is something I’ve wanted to do since my first PyCon back in Santa Clara in 2012, so I was super excited to get accepted this year!