OWASP Top 10 Web Security Loopholes vs Django - Which is "allegedly" secure no matter who is coding with it.
Soumya Singh (~soumya96)
Description:
Django has swiftly made its way to the top of the web application stack and is becoming extremely popular among developers, whether freshers or veterans, due to its robust framework and built-in security features. However, many developers take this security for granted while developing a web application or an API and therefore often end up with loopholes that attackers can exploit, directly impacting the consumers' data and the website's reputation.
This workshop is intended to talk about those common and uncommon flaws, giving special focus to the OWASP Top 10 standards of web application security, use cases where developers might fail to implement them, and secure coding practices with respect to the same.
We will be presenting a live demo on intentionally vulnerable Django applications with real-life use cases. We will understand how hackers may exploit them, the common mistakes developers might make which can lead to a specific vulnerability, and how to patch them or build them securely, along with secure coding best practices.
The demo application will be open source for the audience to try live during the workshop and after it too.
Prerequisites:
- Beginner level Django and Python knowledge
- Interest in understanding common attack methodologies and developing secure web applications.
Speaker Info:
Soumya Singh
Soumya Singh is a programmer at heart, with 2+ years of experience in professional Django development and over 3 years of experience with Android application development. She is currently working at BugsBounty.com - a crowd-sourced security platform for ethical hackers and organisations - where she heads a team that builds various security-related products. Besides this, she is an LCCSA-certified Ethical Hacker and takes cyber security rather seriously.