Is your data secure by default? How Django can be used to make you sleep at night.
This talk will detail the different threats a web application faces today and how different types of encryption can solve many of these problems. We will discuss the whole web-stack and show various technologies to deploy secure encryption. The main focus will be on using Django as a web-frontent in a highly distributed and load optimised environment.
More than ever websites have to deploy encryption to protect their users. First it has to be defined what threats the data faces and how these can be mitigated. It is vital, that a lot of though is put into what is sensible for what use case. We will describe different strategies based on a little piece of software (written in Django) we use to showcase where encryption can happen (client-browser-server-cgi-database). We will back these steps up by real life examples, numbers and benchmarks we have collected from a productive environment. Finally we will discuss some problems that arise, when hosting is out of the house, your backups are encrypted, you have a fail-over distributed environment and you as a service provider can't see the data you are hosting.
Start time: 17:45