In this part of the Django security series, you'll learn about different serialization formats (including JSON, YAML and XML) and the security risks to look out for when using them (+ code demos).
7 Tips For Getting Better At Django:
https://mailchi.mp/dea592ab3f6d/tips-...
We'll also talk about binary formats and leave with two important security lessons you should keep in mind!
Here are the timestamps:
0:00 - Intro
0:12 - Pickling
0:51 - Pros and cons of pickling
2:37 - Pickle example attack
4:02 - YAML (+ example attack)
6:46 - JSON
8:39 - XML (+ billion laughs attack example)
13:01 - JSON vs. XML
16:15 - Binary Formats
16:45 - Never trust user input
17:29 - Security by obscurity should not be relied upon
18:03 - Outro
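The pickle attack at 2:37 and the two closing lessons (never trust user input, don't rely on obscurity) are easiest to see in code. The following is an added Python example, not code from the video, from Arun's book or from Django itself: it builds a malicious pickle whose only payload is creating an empty marker file (a harmless stand-in for os.system), shows the naive pickle.loads running it, and then two defences: a restricted unpickler that refuses to resolve any global outside an allow-list, and an HMAC check so only pickles the application itself produced are ever loaded. DEMO_KEY, the class name MaliciousObject and all file paths are assumptions made for the demo.

```python
"""Added example, not code from the video: pickle.loads on untrusted bytes is remote code
execution, and two ways to stop it. The only payload here is creating an empty marker file
in a temp dir; a real attacker would aim the same mechanism at os.system or subprocess."""
import hashlib
import hmac
import io
import os
import pickle
import tempfile


class MaliciousObject:
    """Attacker-controlled class. __reduce__ tells the unpickler which callable to invoke,
    with which arguments, while loading: here io.open(path, "w"), which creates the file
    as a side effect before any application code ever looks at the result."""

    def __init__(self, marker_path):
        self.marker_path = marker_path

    def __reduce__(self):
        return (io.open, (self.marker_path, "w"))


def build_malicious_pickle(marker_path):
    """Bytes an attacker could hand the app in a cookie, cache entry or upload."""
    return pickle.dumps(MaliciousObject(marker_path))


def naive_load(data):
    """The vulnerable pattern from the video: pickle.loads on bytes we did not produce."""
    return pickle.loads(data)


def demo_unsafe_load():
    """Run the attack end to end; True means merely loading the pickle created the file."""
    tmpdir = tempfile.mkdtemp()
    marker = os.path.join(tmpdir, "pwned.txt")
    try:
        handle = naive_load(build_malicious_pickle(marker))  # returns the open file object
        handle.close()
        return os.path.exists(marker)
    finally:
        if os.path.exists(marker):
            os.remove(marker)
        os.rmdir(tmpdir)


# Defence 1: resolve only an allow-list of globals. Anything else (io.open, os.system,
# subprocess.Popen, ...) is refused before it can be called.
class RestrictedUnpickler(pickle.Unpickler):
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"), ("builtins", "range")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return getattr(__import__(module), name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def restricted_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_roundtrip(obj):
    """Plain containers and scalars need no globals, so they still load fine."""
    return restricted_load(pickle.dumps(obj))


# Defence 2: only ever unpickle what the application itself serialized and signed.
# DEMO_KEY is an assumption for this demo; a Django app would derive it from SECRET_KEY.
DEMO_KEY = b"constructed-demo-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size


def sign_pickle(obj, key=DEMO_KEY):
    data = pickle.dumps(obj)
    return hmac.new(key, data, hashlib.sha256).digest() + data


def verify_and_load(blob, key=DEMO_KEY):
    tag, data = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare, no timing oracle
        raise ValueError("bad signature: refusing to unpickle")
    return pickle.loads(data)


def tamper(blob):
    """Flip one bit in the payload, standing in for an attacker editing the cookie."""
    return blob[:-1] + bytes([blob[-1] ^ 0x01])


if __name__ == "__main__":
    print("naive pickle.loads created the marker file:", demo_unsafe_load())
    signed = sign_pickle({"user_id": 42, "roles": ["editor"]})
    print("signed blob loads:", verify_and_load(signed))
```

Two caveats a practitioner should keep in mind. The allow-list approach is the one the Python documentation itself describes, and it only helps if the allowed callables are genuinely harmless; it is a mitigation, not a licence to accept pickles from users. The signature check turns the problem into key management (it is only as good as the secret), which is exactly the point of the video's last lesson: protection comes from a secret the attacker does not have, not from the format being binary or unfamiliar. For anything that crosses a trust boundary, the simplest fix is the one the video recommends: use a data-only format such as JSON, and where YAML or XML are unavoidable use yaml.safe_load and an entity-hardened parser such as defusedxml.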
Arun's blog: https://arunrocks.com/
Arun's twitter: / arocks
Arun's book (Django Design Patterns And Best Practices, Second Edition):
https://www.amazon.com/Django-Design-...
Anyway, you can find the details in the video and feel free to ask if you have any questions!
If you enjoyed this video, make sure to subscribe and share it with anyone you think could enjoy it as well.
Drop any questions you have in the comments!
I hope to see you inside of the next episode,
Cheers.
Video: Django Security - Different Serialization Formats And Which Ones (Not) to Use, uploaded by The Dumbfounds on 16 October 2018.