PyCon, the gathering for the community using and developing the open-source Python programming language. During PyCon Pune, the community will meet for two days of talks and work on upstream projects in two days of dev sprint.
See below for the proposal for the proposal. The abstract and outlines are mandatory fields.
Also, I’ve submitted several talks to several conferences but never been accepted, so if we want to have SD present, my track record says someone else should write this. Ha.
The Complexity of Security
There’s often the misconception about security that it can be bolted on like the S that was add to HTTP to “magically” make we web secure, but the reality is that a secure web app needs to be designed as such from the ground up. Even so, extensive analysis and testing is required to be able to meet the minimum criteria of “not insecure.” This talk will be a case study on SecureDrop, a reasonably secure Python webapp, where we will discuss the threat model, design decisions, implementation, and testing of the application. These concepts will be generalized to other real world cases.
This talk will start by introducing SecureDrop, a Python web application that allows individuals to anonymously communicate with and leak documents to journalists. Next, we will briefly discuss the threat model used in dictating SecureDrop’s design by looking at attacker goals and assumed capabilities. We will then discuss the design of the application looking at both design successes and design failures as well as how these decisions were implemented. From there, we will touch on testing, both unit and functional, to ensure that the matches the design spec in our heads. Last, will map all of the above concepts back from SecureDrop-specific to more general uses cases.
For the record the submission is at https://pyconpune.talkfunnel.com/2018/31-the-complexity-of-security