2024-08-23, Middle Room
This workshop is a 4-hour introduction to cyber security concepts in Python with a focus on web applications.
This workshop will use a vulnerable Flask website to demonstrate various vulnerabilities from the OWASP Top 10 and other common vulnerabilities I've found through my career.
For details please see https://kiwipycon.nz/programme/friday-workshops
Each vulnerability covered will be laid out in roughly the following format:
An introduction to the issue at a high level (this will cover things such as what the issue is, potential impact to applications and how to test for it in your own applications).
Hands-on hacking, where each attendee will attempt to exploit the issue in the vulnerable Flask application (experienced helpers will be on hand to help walk you through exploiting each issue).
After exploiting the issue, we will discuss mitigating steps and ways to fix this in your applications.
Attendees will then fix the issue on a local version of the vulnerable site and verify their fix (experienced helpers will also be on hand to assist with this step).
This workshop will also introduce attendees to various tooling for exploiting vulnerabilities, as well as Python tooling to help prevent the vulnerabilities in the first place.
Intermediate
Ethan McKee-Harris, aka Skelmis, is a security consultant by day and Python developer by night.
He spends his days hacking web applications and bypassing voice authentication systems.
Beyond that, Ethan is an avid Python open source developer with experience on both sides of the metaphorical 'security fence'.