Completely made up statistics
★★★★ project constraints!
Wednesday, September 8, 2010
30% of security failures
★★★★ incompetence or ignorance
See http://evilpacket.net/2010/jan/14/mifi-geopwn/
9% of security failures
★★★★ needle in the haystack
See http://evilpacket.net/2009/jul/9/rackspace-cloud-xss-root/
and http://evilpacket.net/2009/jul/9/theft-rackspace-cloud-api-key/
1% of security failures
★★★★ 0 days
Let’s talk about the 90%
Sad Pony Warning
& ampersand
Five < less than
|safe filter
mark_safe( )
Context matters.
<a href="{{object.absolute_url}}" alt="{{object.name}}">{{object.name}}</a>
Which is bad.
getting burned
• Audit templates
• Audit reusables and snippets
• Disable PHP
secret_report.pdf
secret_report_1.pdf
“Not Found” vs.
e.g. /object/delete/2
[ REDACTED ]
• security@djangoproject.com needs to check their email ;)