Why does Python need security transparency?
By Steve Dower

Imagine you could run one single command on one computer at the NSA. You would probably run "python" to use its OS and network features undetected, just like real attackers do. If someone did it on your network, would you notice? PEP 551 makes it so that admins can audit Python and detect malicious use on their systems. This session will look at why we need it and how to use it.

Saturday 11:35 a.m.–noon

The days of "software vulnerability" being a synonym for "buffer overflow" are over. Modern vulnerabilities are those that enable attackers to get into your network and stay in your network. Beyond simple bugs, any tool that can execute arbitrary code becomes a vulnerability - especially if you don't know when it is doing that.

Python is a popular tool with attackers, in large part because it can download encrypted code, decrypt and execute it with a single line of code. And once that entire payload is running, nobody knows exactly what it is doing.

PEP 551 adds a range of auditing hooks to the Python runtime, enabling system administrators to see into how it is being used. You can inspect every piece of code that is compiled and executed, intercept calls that modify trace functions, and collect information on code that uses native functions through ctypes.

This session will look at why we need security transparency in Python. We will look at actual examples of malware written in Python, and see how the hooks provided by PEP 551 enable administrators to detect and prevent attacks on their systems.

Steve Dower

Steve is an engineer who tells people about Python and then gives them excuses to use it and great tools to use it with. He works on Python support for Visual Studio, contributes to many of Microsoft's Python libraries, and is a core contributor and Windows expert for CPython.