PyCon APAC 2022|一般演講 Talks|國泰金控 Cathay Financial Holdings / 美光科技 Micron 冠名贊助
✏️ 共筆 Note:https://hackmd.io/@pycontw/S1CeDpXJj
?? Slido:https://app.sli.do/event/pahqjwBL6eQNto2TDS2qog
? 投影片 Slides:https://speakerdeck.com/yyyyyyyan/pycon-apac-2022-writing-secure-code-in-python
? 語言 Language:英文 English
? 層級 Level:中階 Intermediate
? 分類 Category:資訊安全 Security
? 摘要 Abstract ?
The talk will analyze a series of vulnerabilities that given some common mistakes might end up damaging your Python programs. At the end, a precaution and audit method will be presented.
? 說明 Description ?
Is your Python code secure? This talk will show how some inattentions, mistakes and assumptions that we, as developers, carry in our code can lead to serious vulnerabilities in our applications. All of that, of course, with lots of examples! At the end, the talk will present a simple way to audit Python code in order to facilitate the maintenance of your security with the identification of possible vulnerabilities.
- Learn how eval(), pickle, and pip are vulnerable to arbitrary code execution
- Understand the importance of cryptographically-secure randomness
- Learn how to audit your code and keep your programs secure
- And more!
? 關於講者 About Speaker - Yan Orestes ?
Yan Orestes is a Brazilian Python developer, speaker, privacy freak and security enthusiast. He's worked as a teacher and takes education as a true passion in his life. Whenever he finds time, Yan ends up writing blog posts and essays and talking in conferences everywhere, following what he believes is most important in the world - sharing knowledge.
#pycontw #pyconapac2022 #python #datasecurity
Follow “PyCon Taiwan”
⭐️ Official Website: https://tw.pycon.org
⭐️ Facebook: https://www.facebook.com/pycontw
⭐️ Instagram: https://www.instagram.com/pycontw
⭐️ Twitter: https://twitter.com/PyConTW
⭐️ LinkedIn: https://www.linkedin.com/company/pycontw
⭐️ Blogger: https://pycontw.blogspot.com
...
https://www.youtube.com/watch?v=lcYCbwZ3Uug
Day 1, R1 13:45–14:15
Python is flexible and allows us to implement the same function in different ways. Some ways are simpler, more efficient, or more secure than others and are preferred as coding conventions. We have a big codebase with hundreds of developers and thus coding convention is especially important to prevent bad patterns being copy-pasted and spread around. We started with building lint rules as Flake8 plugins and found limitations. We also wanted to be able to provide auto-fixes for lint violations. So we built Fixit.
Fixit is a lint framework that complements Flake8. It’s based on LibCST which makes it possible to provide auto-fixes. Lint rules are made easy to build through matcher pattern, test toolkit, utility helpers (e.g. scope analysis) for non-trivial boilerplate. It is optimized for efficiency, easy to customize and comes with many builtin lint rules. In this talk, you’ll learn our story of building Fixit and learn to use it in your project to help you write better Python code!
Slides: https://github.com/jimmylai/talks/blob/master/pycon_taiwan_2020_fixit.pdf
Speaker: Jimmy Lai
Jimmy Lai is a Software Engineer in Instagram Infrastructure. His recent interest is Python efficiency, including profiling, optimization and asyncio. He has been sharing his experiences in PyCon Taiwan since 2012. This year, he plan to share his automated refactoring experience on large scale Python codebase.
...
https://www.youtube.com/watch?v=Hr_H0NfclE0
PyCon Taiwan 2016|一般演講 Talks
? 摘要 Abstract ?
Recently, the breakthrough of artificial intelligence is achieved by the Deep Learning algorithms. By simulating the mechanism of the visual system in human, the Deep Learning algorithms can achieve the human-level precision in image recognition tasks. Also, it is possible to mimic the process of "Creating an Artwork" by deep neural networks. Given a photo A and a artwork B, this deep neural can create a new artwork with the exactly same content with photo A and same style with artworks B.
? 關於講者 About Speaker - Mark Chang ?
A Python developer and machine learning scientist in "Learning by Hacking", and he is specialized in deep learning, natural language processing and computer vision.
He is also a web engineer in g0v community and Appendectomy Project.
- Blog: http://cpmarkchang.logdown.com/
#python #pycontw #pycontw2016
Follow “PyCon Taiwan”
⭐️ Official Website: https://tw.pycon.org
⭐️ Facebook: https://www.facebook.com/pycontw
⭐️ Instagram: https://www.instagram.com/pycontw
⭐️ Twitter: https://twitter.com/PyConTW
⭐️ LinkedIn: https://www.linkedin.com/company/pycontw
⭐️ Blogger: https://pycontw.blogspot.com
...
https://www.youtube.com/watch?v=MlHNyx7fbok
PyCon Taiwan 2023|Talk 演講|Day 1, R1 13:45–14:15
? 說明 Description ?
希望能藉由各種實務經驗與案例來與專業軟體工程師分享,「資深與否」在提交程式碼(pull-request)、被審查(code review)之前、中、後各階段的表現與期待。特別是在:一.Python 程式碼的撰寫與審查要點。二.與第一點相關的環境、工具與方法。總結的話會從資深工程師的 Python 程式碼審查帶到組織裡的溝通、學習、分享與徵才等等面向,並保留一定的時間給大家 Q&A。
? 講者介紹 About Speaker - Keith Yang ?
Keith 是台灣最大的 Python 使用者群組 Taipei.py 的共同創辦人、主辦人,也曾是 PyCon APAC 2015 的主席。從 2006 起,他的工作主要專注在 web/後端/雲端服務上。寫程式、爬山、旅行、打電動曾是他一半的生活,現在帶領團隊成為他 2023 的探索。滑板或圍巾是他的隨身配備。假如圍巾沒出現的話,有人會問我說今天 Keith 沒來喔?
●●●
Keith is the co-founder and co-organizer of Taipei.py, the largest Python user group in Taiwan. He is a Lead Backend Engineer at iCHEF and served as Chairperson of PyCon APAC 2015. Since 2006, his work has mostly focused on web, backend, and cloud services. Coding, hiking, traveling, and video games were half of his life; now, team leading is his 2023 quest. A skateboard or a scarf are essential items in his life. If the scarf isn't present, someone could ask, "Is Keith absent today?"
Follow “PyCon Taiwan”
⭐️ Official Website: https://tw.pycon.org
⭐️ Facebook: https://www.facebook.com/pycontw
⭐️ Instagram: https://www.instagram.com/pycontw
⭐️ Twitter: https://twitter.com/PyConTW
⭐️ LinkedIn: https://www.linkedin.com/company/pycontw
⭐️ Blogger: https://conf.python.tw/
...
https://www.youtube.com/watch?v=ys1ZGOthZ44