Philip "Phildini" James, Asheesh Laroia

[ Ссылка ]

In this talk, you’ll learn about a category of security issue known as side channel attacks. You’ll be amused to see how features like automatic data compression, short-circuit execution, and deterministic hashing can be abused to bypass security systems. No security background knowledge is required. The talk assumes at least intermediate Python experience.

We’ll take a tour of real side channel vulnerabilities in open source Python codebases, including the patches that fixed them. It also offers practical advice for avoiding these issues. My goal is to demystify this topic, even if you aren’t writing security-critical software.

This talk is for intermediate or higher Python developers who want a foundation for understanding side channel security vulnerabilities. We hope to allow software developers without a security background to understand the security mindset.

A Python conference north of the Golden Gate


North Bay Python is a single-track conference with a carefully curated set of talks representing the diverse Python community and their different areas of interest.

If a topic is less to your interest, or you've met some people you really want to sit down and chat with, we'll have plenty of areas away from the main theatre to catch up and chat.

Our goal is to keep prices as low as possible. That means we won't be catering lunch. Instead, you can look forward to extra-long lunch breaks you can use to explore all of the great food options around the venue.

свернуть