Security in the age of frameworks
Security can never be one-size-fits-all; it requires constant and vigilant configuration, customization and verification. Failure to re-evaluate correctness after minor, seemingly unrelated configuration changes can completely strip the security measures of any effectiveness. Since developers did not write the security measures their framework ships with, we rely on them understanding that functionality by reading the documentation at a level that includes its known issues, which is rarely the case.
Because these security measures ship with frameworks, sysadmins are also not fully aware of them: how they function and what their failure modes look like. The demarcation line of responsibility is unclear, and as a result things fall through the cracks. Often the simplest countermeasure is to bring in fresh pairs of eyes.
Duration: 25 min
This talk was chosen by Python Hrvatska user group.
Luka has been doing computer stuff professionally for well over 10 years. Initially self-exiled from the Microsoft world to PHP, he's since moved on to Python and more recently ansible and other opsy stuff. Despises frontend, likes doing talks. Currently Senior Software Engineer at noom.com, formerly CTO/cofounder at hitlistapp.com and developer at deviantart.com. Ran a small web studio in Croatia with a dozen happy customers. Splits time between Zagreb and New York. Dreams in matrixcode.