SlideShare a Scribd company logo

Testing python security pyconweb

Jose Manuel Ortega Candel
Jose Manuel Ortega Candel

Python is a language that in a easy way allows to scale up from starter projects to complex applications for data processing and serving dynamic web pages. But as you increase complexity in your applications, it can be easy to introduce potential problems and vulnerabilities. In this talk José Manuel Ortega will talk about the common security problems in Python code, like remote command execution and SQL injections. Of course he'll show to to prevent against these and other types of vulnerabilities. https://pyconweb.com/talks/26-05-2019/testing-python-security

Technology
1 of 49
Download to read offline
Testing python security PyconWeb 2019 1 @jmortegac Testing Python Security José Manuel Ortega @jmortegac
Testing python security PyconWeb 2019 2 @jmortegac jmortega.github.io
Testing python security PyconWeb 2019 3 @jmortegac ● Develop Python scripts for automating security and pentesting tasks ● Discover the Python standard library's main modules used for performing security-related tasks ● Automate analytical tasks and the extraction of information from servers ● Explore processes for detecting and exploiting vulnerabilities in servers ● Use network software for Python programming ● Perform server scripting and port scanning with Python ● Identify vulnerabilities in web applications with Python ● Use Python to extract metadata and forensics
Testing python security PyconWeb 2019 4 @jmortegac
Testing python security PyconWeb 2019 5 @jmortegac 1. Python dangerous functions 2. Common attack vectors 3. Static analisys tools 4. Other security issues
Testing python security PyconWeb 2019 6 @jmortegac Unsafe python components
Testing python security PyconWeb 2019 7 @jmortegac Dangerous Python Functions
Testing python security PyconWeb 2019 8 @jmortegac Security issues Here’s a list of handful of other potential issues to watch for: ● Dangerous python functions like eval() ● Serialization and deserialization objects with pickle ● SQL and JavaScript snippets
Testing python security PyconWeb 2019 9 @jmortegac Improper input/output validation
Testing python security PyconWeb 2019 10 @jmortegac eval() eval(expression[, globals[, locals]])
Testing python security PyconWeb 2019 11 @jmortegac eval() No globals
Testing python security PyconWeb 2019 12 @jmortegac eval() eval("__import__('os').system('clear') ", {}) eval("__import__('os').system('rm -rf')", {})
Testing python security PyconWeb 2019 13 @jmortegac eval() Refuse access to the builtins
Testing python security PyconWeb 2019 14 @jmortegac eval() https://docs.python.org/3/library/ast.html#ast.liter al_eval
Testing python security PyconWeb 2019 15 @jmortegac Serialization and Deserialization with Pickle WARNING: pickle or cPickle are NOT designed as safe/secure solution for serialization
Testing python security PyconWeb 2019 16 @jmortegac Serialization and Deserialization with Pickle
Testing python security PyconWeb 2019 17 @jmortegac Serialization and Deserialization with Pickle
Testing python security PyconWeb 2019 18 @jmortegac Serialization and Deserialization with Pickle
Testing python security PyconWeb 2019 19 @jmortegac Serialization and Deserialization with Pickle
Testing python security PyconWeb 2019 20 @jmortegac Input injection attacks
Testing python security PyconWeb 2019 21 @jmortegac Command Injection @app.route('/menu',methods =['POST']) def menu(): param = request.form [ ' suggestion '] command = ' echo ' + param + ' >> ' + ' menu.txt ' subprocess.call(command,shell = True) with open('menu.txt','r') as f: menu = f.read() return render_template('command_injection.html', menu = menu)
Testing python security PyconWeb 2019 22 @jmortegac Command Injection @app.route('/menu',methods =['POST']) def menu(): param = request.form [ ' suggestion '] command = ' echo ' + param + ' >> ' + ' menu.txt ' subprocess.call(command,shell = False) with open('menu.txt','r') as f: menu = f.read() return render_template('command_injection.html', menu = menu)
Testing python security PyconWeb 2019 23 @jmortegac Command Injection
Testing python security PyconWeb 2019 24 @jmortegac Command Injection >>> ping('8.8.8.8; rm -rf /') 64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=6.32 ms rm: cannot remove `/bin/dbus-daemon': Permission denied rm: cannot remove `/bin/dbus-uuidgen': Permission denied rm: cannot remove `/bin/dbus-cleanup-sockets': Permission denied rm: cannot remove `/bin/cgroups-mount': Permission denied rm: cannot remove `/bin/cgroups-umount': Permission denied >>> ping('8.8.8.8; rm -rf /') ping: unknown host 8.8.8.8; rm -rf /
Testing python security PyconWeb 2019 25 @jmortegac shlex module
Testing python security PyconWeb 2019 26 @jmortegac Common attack vectors OWASP TOP 10: A1 Injection A2 Broken Authentication and Session Management A3 Cross-Site Scripting (XSS) A4 Insecure Direct Object References A5 Security Misconfiguration A6 Sensitive Data Exposure A7 Missing Function Level Access Control A8 Cross-Site Request Forgery (CSRF) A9 Using Components with Known Vulnerabilities A10 Unvalidated Redirects and Forwards
Testing python security PyconWeb 2019 27 @jmortegac SQL Injection @app.route('/filtering') def filtering(): param = request.args.get('param', 'not set') Session = sessionmaker(bind = db.engine) session = Session() result = session.query(User).filter(" username ={} ".format(param)) for value in result: print(value.username , value.email) return ' Result is displayed in console.'
Testing python security PyconWeb 2019 28 @jmortegac Prevent SQL injection attacks Prevent SQL injection attacks ● NEVER concatenate untrusted inputs in SQL code. ● Concatenate constant fragments of SQL (literals) with parameter placeholders. ● cur.execute("SELECT * FROM students WHERE name= '%s';" % name) ● c.execute("SELECT * from students WHERE name=(?)" , name)
Testing python security PyconWeb 2019 29 @jmortegac XSS from flask import Flask , request , make_response app = Flask(__name__) @app.route ('/XSS_param',methods =['GET ]) def XSS(): param = request.args.get('param','not set') html = open('templates/XSS_param.html ').read() resp = make_response(html.replace('{{ param}}',param)) return resp if __name__ == ' __main__ ': app.run(debug = True)
Testing python security PyconWeb 2019 30 @jmortegac XSS Server Side Template Injection (SSTI)
Testing python security PyconWeb 2019 31 @jmortegac XSS
Testing python security PyconWeb 2019 32 @jmortegac XSS
Testing python security PyconWeb 2019 33 @jmortegac Automated security testing Automatic Scanning tools: ● SQLMap: Sql injection ● XSScrapy: Sql injection and XSS Source Code Analysis tools: ● Bandit: Open Source and can be easily integrated with Jenkins CI/CD
Testing python security PyconWeb 2019 34 @jmortegac SQLMap
Testing python security PyconWeb 2019 35 @jmortegac SQLMap
Testing python security PyconWeb 2019 36 @jmortegac Bandit
Testing python security PyconWeb 2019 37 @jmortegac Bandit
Testing python security PyconWeb 2019 38 @jmortegac Bandit Test plugins
Testing python security PyconWeb 2019 39 @jmortegac Bandit Test plugins
Testing python security PyconWeb 2019 40 @jmortegac Bandit Test plugins
Testing python security PyconWeb 2019 41 @jmortegac Bandit Test plugins
Testing python security PyconWeb 2019 42 @jmortegac Bandit Test plugins
Testing python security PyconWeb 2019 43 @jmortegac Bandit Test plugins SELECT %s FROM derp;” % var “SELECT thing FROM ” + tab “SELECT ” + val + ” FROM ” + tab + … “SELECT {} FROM derp;”.format(var)
Testing python security PyconWeb 2019 44 @jmortegac Tools
Testing python security PyconWeb 2019 45 @jmortegac Tools
Testing python security PyconWeb 2019 46 @jmortegac Other security issues Insecure packages
Testing python security PyconWeb 2019 47 @jmortegac Interesting links https://github.com/jmortega/testing_python_security
Testing python security PyconWeb 2019 48 @jmortegac Interesting links https://security.openstack.org/#bandit-static-analysis-for-python https://security.openstack.org/guidelines/dg_use-subprocess-securely.html https://security.openstack.org/guidelines/dg_avoid-shell-true.html https://security.openstack.org/guidelines/dg_parameterize-database-querie s.html https://security.openstack.org/guidelines/dg_cross-site-scripting-xss.html https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsin g-libraries.html
Testing python security PyconWeb 2019 49 @jmortegac

Recommended

Testing python security PyCon IE
Testing python security PyCon IETesting python security PyCon IE
Testing python security PyCon IEJose Manuel Ortega Candel
 
Exceptions & Its Handling
Exceptions & Its HandlingExceptions & Its Handling
Exceptions & Its HandlingBharat17485
 
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageabilityDaniel Fisher
 
We Continue Exploring Tizen: C# Components Proved to be of High Quality
We Continue Exploring Tizen: C# Components Proved to be of High QualityWe Continue Exploring Tizen: C# Components Proved to be of High Quality
We Continue Exploring Tizen: C# Components Proved to be of High QualityPVS-Studio
 
OCP Java SE 8 Exam - Sample Questions - Exceptions and Assertions
OCP Java SE 8 Exam - Sample Questions - Exceptions and AssertionsOCP Java SE 8 Exam - Sample Questions - Exceptions and Assertions
OCP Java SE 8 Exam - Sample Questions - Exceptions and AssertionsGanesh Samarthyam
 
Building resilient services in go
Building resilient services in goBuilding resilient services in go
Building resilient services in goJaehue Jang
 
Pengenalan Unit Testing dan TDD
Pengenalan Unit Testing dan TDDPengenalan Unit Testing dan TDD
Pengenalan Unit Testing dan TDDtlabamazing
 
Php5 certification mock exams
Php5 certification mock examsPhp5 certification mock exams
Php5 certification mock examsecho liu
 

Recommended

Testing python security PyCon IE
Testing python security PyCon IETesting python security PyCon IE
Testing python security PyCon IEJose Manuel Ortega Candel
 
Exceptions & Its Handling
Exceptions & Its HandlingExceptions & Its Handling
Exceptions & Its HandlingBharat17485
 
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability2008 - TechDays PT: WCF, JSON and AJAX for performance and manageability
2008 - TechDays PT: WCF, JSON and AJAX for performance and manageabilityDaniel Fisher
 
We Continue Exploring Tizen: C# Components Proved to be of High Quality
We Continue Exploring Tizen: C# Components Proved to be of High QualityWe Continue Exploring Tizen: C# Components Proved to be of High Quality
We Continue Exploring Tizen: C# Components Proved to be of High QualityPVS-Studio
 
OCP Java SE 8 Exam - Sample Questions - Exceptions and Assertions
OCP Java SE 8 Exam - Sample Questions - Exceptions and AssertionsOCP Java SE 8 Exam - Sample Questions - Exceptions and Assertions
OCP Java SE 8 Exam - Sample Questions - Exceptions and AssertionsGanesh Samarthyam
 
Building resilient services in go
Building resilient services in goBuilding resilient services in go
Building resilient services in goJaehue Jang
 
Pengenalan Unit Testing dan TDD
Pengenalan Unit Testing dan TDDPengenalan Unit Testing dan TDD
Pengenalan Unit Testing dan TDDtlabamazing
 
Php5 certification mock exams
Php5 certification mock examsPhp5 certification mock exams
Php5 certification mock examsecho liu
 
Test Fest 2009
Test Fest 2009Test Fest 2009
Test Fest 2009Pierre Joye
 
OCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and CollectionsOCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and CollectionsGanesh Samarthyam
 
C pointers
C pointersC pointers
C pointersMd. Shafiuzzaman Hira
 
C# Exceptions Handling
C# Exceptions Handling C# Exceptions Handling
C# Exceptions Handling sharqiyem
 
The First C# Project Analyzed
The First C# Project AnalyzedThe First C# Project Analyzed
The First C# Project AnalyzedPVS-Studio
 
OCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIOCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIGanesh Samarthyam
 
Python Programming Essentials - M39 - Unit Testing
Python Programming Essentials - M39 - Unit TestingPython Programming Essentials - M39 - Unit Testing
Python Programming Essentials - M39 - Unit TestingP3 InfoTech Solutions Pvt. Ltd.
 
The Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave HaeffnerThe Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave HaeffnerSauce Labs
 
C++ The Principles of Most Surprise
C++ The Principles of Most SurpriseC++ The Principles of Most Surprise
C++ The Principles of Most SurprisePatricia Aas
 
Exception handling in java
Exception handling in javaException handling in java
Exception handling in javaAmbigaMurugesan
 
Basic structure of a c program
Basic structure of a c programBasic structure of a c program
Basic structure of a c programMumtaz Ahmad
 
Algoritmos sujei
Algoritmos sujeiAlgoritmos sujei
Algoritmos sujeigersonjack
 
Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)Patricia Aas
 
Agile mobile
Agile mobileAgile mobile
Agile mobileGodfrey Nolan
 
Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...Sebastiano Panichella
 
12 Exceptions handling
12 Exceptions handling12 Exceptions handling
12 Exceptions handlingmaznabili
 
Program structure of c
Program structure of cProgram structure of c
Program structure of cSatveer Mann
 
Web App Testing With Selenium
Web App Testing With SeleniumWeb App Testing With Selenium
Web App Testing With Seleniumjoaopmaia
 
Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)Patricia Aas
 
Handling
HandlingHandling
HandlingAmit Vats
 
Pemrograman Python untuk Pemula
Pemrograman Python untuk PemulaPemrograman Python untuk Pemula
Pemrograman Python untuk PemulaOon Arfiandwi
 
Secure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit HooksSecure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit HooksNicolas Vivet
 

More Related Content

What's hot

OCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and CollectionsOCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and CollectionsGanesh Samarthyam
 
C# Exceptions Handling
C# Exceptions Handling C# Exceptions Handling
C# Exceptions Handling sharqiyem
 
The First C# Project Analyzed
The First C# Project AnalyzedThe First C# Project Analyzed
The First C# Project AnalyzedPVS-Studio
 
OCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIOCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIGanesh Samarthyam
 
The Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave HaeffnerThe Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave HaeffnerSauce Labs
 
C++ The Principles of Most Surprise
C++ The Principles of Most SurpriseC++ The Principles of Most Surprise
C++ The Principles of Most SurprisePatricia Aas
 
Exception handling in java
Exception handling in javaException handling in java
Exception handling in javaAmbigaMurugesan
 
Basic structure of a c program
Basic structure of a c programBasic structure of a c program
Basic structure of a c programMumtaz Ahmad
 
Algoritmos sujei
Algoritmos sujeiAlgoritmos sujei
Algoritmos sujeigersonjack
 
Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)Patricia Aas
 
Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...Sebastiano Panichella
 
12 Exceptions handling
12 Exceptions handling12 Exceptions handling
12 Exceptions handlingmaznabili
 
Program structure of c
Program structure of cProgram structure of c
Program structure of cSatveer Mann
 
Web App Testing With Selenium
Web App Testing With SeleniumWeb App Testing With Selenium
Web App Testing With Seleniumjoaopmaia
 
Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)Patricia Aas
 

What's hot (20)

Test Fest 2009
Test Fest 2009Test Fest 2009
Test Fest 2009
 
OCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and CollectionsOCP Java SE 8 Exam - Sample Questions - Generics and Collections
OCP Java SE 8 Exam - Sample Questions - Generics and Collections
 
C pointers
C pointersC pointers
C pointers
 
C# Exceptions Handling
C# Exceptions Handling C# Exceptions Handling
C# Exceptions Handling
 
The First C# Project Analyzed
The First C# Project AnalyzedThe First C# Project Analyzed
The First C# Project Analyzed
 
OCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIOCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams API
 
Python Programming Essentials - M39 - Unit Testing
Python Programming Essentials - M39 - Unit TestingPython Programming Essentials - M39 - Unit Testing
Python Programming Essentials - M39 - Unit Testing
 
The Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave HaeffnerThe Death of Flaky Tests by Dave Haeffner
The Death of Flaky Tests by Dave Haeffner
 
C++ The Principles of Most Surprise
C++ The Principles of Most SurpriseC++ The Principles of Most Surprise
C++ The Principles of Most Surprise
 
Exception handling in java
Exception handling in javaException handling in java
Exception handling in java
 
Basic structure of a c program
Basic structure of a c programBasic structure of a c program
Basic structure of a c program
 
Algoritmos sujei
Algoritmos sujeiAlgoritmos sujei
Algoritmos sujei
 
Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)Software Vulnerabilities in C and C++ (CppCon 2018)
Software Vulnerabilities in C and C++ (CppCon 2018)
 
Agile mobile
Agile mobileAgile mobile
Agile mobile
 
Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...Exploring the Integration of User Feedback in Automated Testing of Android Ap...
Exploring the Integration of User Feedback in Automated Testing of Android Ap...
 
12 Exceptions handling
12 Exceptions handling12 Exceptions handling
12 Exceptions handling
 
Program structure of c
Program structure of cProgram structure of c
Program structure of c
 
Web App Testing With Selenium
Web App Testing With SeleniumWeb App Testing With Selenium
Web App Testing With Selenium
 
Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)Trying to learn C# (NDC Oslo 2019)
Trying to learn C# (NDC Oslo 2019)
 
Handling
HandlingHandling
Handling
 

Similar to Testing python security pyconweb

Pemrograman Python untuk Pemula
Pemrograman Python untuk PemulaPemrograman Python untuk Pemula
Pemrograman Python untuk PemulaOon Arfiandwi
 
Secure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit HooksSecure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit HooksNicolas Vivet
 
Effective testing with pytest
Effective testing with pytestEffective testing with pytest
Effective testing with pytestHector Canto
 
Quality of life through Unit Testing
Quality of life through Unit TestingQuality of life through Unit Testing
Quality of life through Unit TestingSian Lerk Lau
 
Security Testing
Security TestingSecurity Testing
Security TestingKiran Kumar
 
Тестирование и Django
Тестирование и DjangoТестирование и Django
Тестирование и DjangoMoscowDjango
 
Python Network Programming – Course Applications Guide
Python Network Programming – Course Applications GuidePython Network Programming – Course Applications Guide
Python Network Programming – Course Applications GuideMihai Catalin Teodosiu
 
Seven Peaks Speaks - Compose Screenshot Testing Made Easy
Seven Peaks Speaks - Compose Screenshot Testing Made EasySeven Peaks Speaks - Compose Screenshot Testing Made Easy
Seven Peaks Speaks - Compose Screenshot Testing Made EasySeven Peaks Speaks
 
Mastering Mock Objects - Advanced Unit Testing for Java
Mastering Mock Objects - Advanced Unit Testing for JavaMastering Mock Objects - Advanced Unit Testing for Java
Mastering Mock Objects - Advanced Unit Testing for JavaDenilson Nastacio
 
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...Wim Selles
 
Taking Jenkins Pipeline to the Extreme
Taking Jenkins Pipeline to the ExtremeTaking Jenkins Pipeline to the Extreme
Taking Jenkins Pipeline to the Extremeyinonavraham
 
Testing the frontend
Testing the frontendTesting the frontend
Testing the frontendHeiko Hardt
 
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...Sunaina Pai
 
What do you mean it needs to be Java based? How jython saved the day.
What do you mean it needs to be Java based? How jython saved the day.What do you mean it needs to be Java based? How jython saved the day.
What do you mean it needs to be Java based? How jython saved the day.Mark Rees
 
Workshop quality assurance for php projects tek12
Workshop quality assurance for php projects tek12Workshop quality assurance for php projects tek12
Workshop quality assurance for php projects tek12Michelangelo van Dam
 
pytest로 파이썬 코드 테스트하기
pytest로 파이썬 코드 테스트하기pytest로 파이썬 코드 테스트하기
pytest로 파이썬 코드 테스트하기Yeongseon Choe
 

Similar to Testing python security pyconweb (20)

Pemrograman Python untuk Pemula
Pemrograman Python untuk PemulaPemrograman Python untuk Pemula
Pemrograman Python untuk Pemula
 
Secure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit HooksSecure your Web Application With The New Python Audit Hooks
Secure your Web Application With The New Python Audit Hooks
 
Effective testing with pytest
Effective testing with pytestEffective testing with pytest
Effective testing with pytest
 
Quality of life through Unit Testing
Quality of life through Unit TestingQuality of life through Unit Testing
Quality of life through Unit Testing
 
Python para equipos de ciberseguridad
Python para equipos de ciberseguridad Python para equipos de ciberseguridad
Python para equipos de ciberseguridad
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Тестирование и Django
Тестирование и DjangoТестирование и Django
Тестирование и Django
 
Zone IDA Proc
Zone IDA ProcZone IDA Proc
Zone IDA Proc
 
Django
DjangoDjango
Django
 
Python Network Programming – Course Applications Guide
Python Network Programming – Course Applications GuidePython Network Programming – Course Applications Guide
Python Network Programming – Course Applications Guide
 
Seven Peaks Speaks - Compose Screenshot Testing Made Easy
Seven Peaks Speaks - Compose Screenshot Testing Made EasySeven Peaks Speaks - Compose Screenshot Testing Made Easy
Seven Peaks Speaks - Compose Screenshot Testing Made Easy
 
Mastering Mock Objects - Advanced Unit Testing for Java
Mastering Mock Objects - Advanced Unit Testing for JavaMastering Mock Objects - Advanced Unit Testing for Java
Mastering Mock Objects - Advanced Unit Testing for Java
 
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...
How React Native, Appium and me made each other shine @ContinuousDeliveryAmst...
 
Taking Jenkins Pipeline to the Extreme
Taking Jenkins Pipeline to the ExtremeTaking Jenkins Pipeline to the Extreme
Taking Jenkins Pipeline to the Extreme
 
Testing the frontend
Testing the frontendTesting the frontend
Testing the frontend
 
ADLAB.pdf
ADLAB.pdfADLAB.pdf
ADLAB.pdf
 
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...
Python Mock Object Library: Common Pitfalls and Best Practices - Sunaina Pai ...
 
What do you mean it needs to be Java based? How jython saved the day.
What do you mean it needs to be Java based? How jython saved the day.What do you mean it needs to be Java based? How jython saved the day.
What do you mean it needs to be Java based? How jython saved the day.
 
Workshop quality assurance for php projects tek12
Workshop quality assurance for php projects tek12Workshop quality assurance for php projects tek12
Workshop quality assurance for php projects tek12
 
pytest로 파이썬 코드 테스트하기
pytest로 파이썬 코드 테스트하기pytest로 파이썬 코드 테스트하기
pytest로 파이썬 코드 테스트하기
 

More from Jose Manuel Ortega Candel

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfJose Manuel Ortega Candel
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfJose Manuel Ortega Candel
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfJose Manuel Ortega Candel
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfJose Manuel Ortega Candel
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudJose Manuel Ortega Candel
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Jose Manuel Ortega Candel
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Jose Manuel Ortega Candel
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sJose Manuel Ortega Candel
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Jose Manuel Ortega Candel
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanJose Manuel Ortega Candel
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamJose Manuel Ortega Candel
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsJose Manuel Ortega Candel
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorJose Manuel Ortega Candel
 
Machine Learning para proyectos de seguridad(Pycon)
Machine Learning para proyectos de seguridad(Pycon)Machine Learning para proyectos de seguridad(Pycon)
Machine Learning para proyectos de seguridad(Pycon)Jose Manuel Ortega Candel
 

More from Jose Manuel Ortega Candel (20)

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdf
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdf
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdf
 
Computación distribuida usando Python
Computación distribuida usando PythonComputación distribuida usando Python
Computación distribuida usando Python
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloud
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8s
 
Implementing cert-manager in K8s
Implementing cert-manager in K8sImplementing cert-manager in K8s
Implementing cert-manager in K8s
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue Team
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source tools
 
Python Memory Management 101(Europython)
Python Memory Management 101(Europython)Python Memory Management 101(Europython)
Python Memory Management 101(Europython)
 
SecDevOps containers
SecDevOps containersSecDevOps containers
SecDevOps containers
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collector
 
Machine Learning para proyectos de seguridad(Pycon)
Machine Learning para proyectos de seguridad(Pycon)Machine Learning para proyectos de seguridad(Pycon)
Machine Learning para proyectos de seguridad(Pycon)
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Testing python security pyconweb