Designing secure APIs with state machines | Talks
Did you ever need to create an application whose behavior varies with its state, while still presenting a consistent interface to its callers? A good, layered design using state machines can help avoid the tedious 'if' checks for flags, and ensure that if your code runs at all, it will run with all the required values initialized. I will demonstrate this with examples, and talk about some available tools and libraries to build state machines in Python. I will also discuss how to effectively use the process of threat modeling to build secure web applications. Threat modeling is a computer security technique that helps you better understand the systems you create, identify attacks, and build defenses. I will talk about things that we, as software developers, can do to assess the security of our applications in the real world through this process.
Ashwini Oruganti
Ashwini is a software engineer in San Francisco and an open source developer. She is the author of pyca/tls, a pure-Python TLS 1.2 implementation designed as functionally independent layers that plug together in the form of a state machine, presenting users with opinionated and secure APIs. In the past, she has worked on Twisted - an asynchronous event-driven networking framework, and Hippy - a PHP implementation in RPython.
Portland Ballroom 251 & 258
Saturday, 20th May, 14:35 - 15:05
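The abstract's claim that a state-machine design removes flag checks and guarantees that required values are initialized, shown as an added example that is not taken from the talk or from pyca/tls. The state names, the pre-shared-key handshake and the HMAC-only `protect` method are hypothetical simplifications chosen for illustration.

```python
# Added illustration; every class and method name here is hypothetical.
import hashlib
import hmac
from dataclasses import dataclass

class ProtocolError(Exception):
    """Raised when a peer message is invalid for the current state."""

@dataclass(frozen=True)
class AwaitingHello:
    """Initial state: nothing negotiated, so no send/protect method exists."""
    client_nonce: bytes

    def receive_hello(self, server_nonce: bytes) -> "AwaitingFinished":
        if len(server_nonce) != 16:
            raise ProtocolError("server nonce must be 16 bytes")
        return AwaitingFinished(self.client_nonce, server_nonce)

@dataclass(frozen=True)
class AwaitingFinished:
    """Both nonces known; the peer must now prove it holds the shared secret."""
    client_nonce: bytes
    server_nonce: bytes

    def receive_finished(self, psk: bytes, proof: bytes) -> "Established":
        transcript = self.client_nonce + self.server_nonce
        expected = hmac.new(psk, b"finished" + transcript, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            raise ProtocolError("peer failed to prove knowledge of the key")
        key = hmac.new(psk, b"traffic" + transcript, hashlib.sha256).digest()
        return Established(key)

@dataclass(frozen=True)
class Established:
    """Returned only by a verified handshake, so traffic_key is always set.
    protect() adds a toy integrity tag (no encryption) to stay short."""
    traffic_key: bytes

    def protect(self, message: bytes) -> bytes:
        tag = hmac.new(self.traffic_key, message, hashlib.sha256).digest()
        return message + tag

def run_handshake(psk, client_nonce, server_nonce, proof):
    """Drive the states in order; returns an Established session or raises."""
    hello_done = AwaitingHello(client_nonce).receive_hello(server_nonce)
    return hello_done.receive_finished(psk, proof)
```

Because `protect` is defined only on `Established`, calling it before the handshake completes fails with an `AttributeError` instead of depending on a `handshake_done` flag that a code path could forget to check.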