Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Oh, I Found a Security Issue (PyCon CA 2017)

Markus H
November 18, 2017
Technology
0
12k

Oh, I Found a Security Issue (PyCon CA 2017)

Speaker notes at https://markusholtermann.eu/2017/11/oh-i-found-a-security-issue/

Markus H

November 18, 2017
Tweet

More Decks by Markus H

See All by Markus H
🐍 ❤️ 🦀 — Python loves Rust
markush
0
140
Knock! Knock! Who's There?
markush
0
48
An Introduction To Kubernetes ☸
markush
0
64
Writing Safe Database Migrations (DjangoCon Europe 2021)
markush
0
13k
A Pony On The Move: How Migrations Work In Django 🐎
markush
0
12k
All Hands on Deck — Handling Security Issues
markush
0
13k
Logging Rethought 2: The Actions of Frank Taylor Jr. (PyCon UK 2019)
markush
0
37
Logging Rethought 2: The Actions of Frank Taylor Jr. (PyCon Australia 2019)
markush
1
160
Logging Rethought 2: The Actions of Frank Taylor Jr. (DjangoCon Europe 2019)
markush
0
12k

Other Decks in Technology

See All in Technology
K8s 上で laravel を 快適に運用する方法
colopl
0
110
IoTだからこそ、サーバーレスを活用すべき3つの理由
soracom
PRO
2
880
F0推定アルゴリズムHarvestは中で何をしているのか
nagiss
2
340
Develop Sales Automation Workflow on LINE
linedevth
0
170
1,800万人が利用する『家族アルバム みてね』におけるK8s基盤のアップグレード戦略と継続的改善 / FamilyAlbum's upgrade strategy and continuous improvement for K8s infrastructure
kohbis
0
280
オーティファイ会社紹介資料 / Autify Company Deck
autifyhq
7
90k
監視とオブザーバビリティ 〜 悩む前に確認しておくべきこと / 20230926-ssmjp-monitoring-and-observability
opelab
9
1.3k
Ebitengineのイベントで発表するのでEbitengineを初めて触ってみた
shinnosuke_kishida
0
140
Legacy Software: Not Really a Problem!
ewolff
2
120
増え続ける公開アプリケーションへの悪意あるアクセス_多層防御を取り入れるSRE活動_.pdf
yoshiiryo1
0
280
事業や組織の変化に柔軟に適応するIVRyのプロダクト開発チーム運営 / IVRy's Product Development
yrhorita
1
120
Jagu'e'r Tech Writers Meetup #1
yamahiro
0
110

Featured

See All Featured
Web Components: a chance to create the future
zenorocha
304
41k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.7k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
12
5.7k
[RailsConf 2023] Rails as a piece of cake
palkan
15
2.8k
Clear Off the Table
cherdarchuk
81
300k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
0
2.3k
The Web Native Designer (August 2011)
paulrobertlloyd
78
2.6k
Navigating Team Friction
lara
177
12k
The Power of CSS Pseudo Elements
geoffreycrofte
56
4.6k
Why Our Code Smells
bkeepers
PRO
329
56k
Fireside Chat
paigeccino
18
2.2k
Code Reviewing Like a Champion
maltzj
510
38k

Transcript

  1. Oh, I Found a
    Security Issue

    View Slide



  2. View Slide

  3. Who's an
    OpenSource
    maintainer?

    View Slide

  4. Who uses Django?

    View Slide

  5. Date: Tue, 4 Apr 2017 08:31:25 -0700 (PDT)
    From: Tim Graham <*****@gmail.com>
    To: django-announce
    Subject: [django-announce] Django security releases issued: 1.10.7,
    1.9.13, and 1.8.18
    Today the Django team issued 1.10.7, 1.9.13, and 1.8.18 as part of our
    security process. These releases address two security issues, and we
    encourage all users to upgrade as soon as possible:
    https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
    As a reminder, we ask that potential security issues be reported via
    private email to [email protected] and not via Django's Trac
    instance or the django-developers list. Please see
    https://www.djangoproject.com/security for further information.

    View Slide

  6. Report to
    [email protected]

    View Slide

  7. Assessing the
    reported issue

    View Slide

  8. Fixing the issue

    View Slide

  9. Confirming the fix

    View Slide

  10. Pre-notification

    View Slide

  11. Release

    View Slide

  12. Announcement

    View Slide

  13. How to apply this?

    View Slide

  14. ● Setup reporting channel

    View Slide

  15. ● Setup reporting channel
    ● Monitor reporting channel

    View Slide

  16. ● Setup reporting channel
    ● Monitor reporting channel
    ● Fix the issue

    View Slide

  17. ● Setup reporting channel
    ● Monitor reporting channel
    ● Fix the issue
    ● Release & Announce

    View Slide

  18. ● Setup reporting channel
    ● Monitor reporting channel
    ● Fix the issue
    ● Release & Announce
    ● Learn from it

    View Slide

  19. OWASP Top 10
    https://www.owasp.org/

    View Slide

  20. Thank you!
    @m_holtermann

    View Slide