Conf42 Python 2022

We've got 24 python-centric talks on the menu! 🐍 Schedule, Lineup & RSVP: https://www.conf42.com/python2022 🐼 Join Discord to interact: https://discord.gg/DnyHgrC7jC — 0:00 intro, sponsors & partners Keynote 0:45 Rain Leander - Cockroach Labs Getting Started 1:41 Shweta Mishra 2:08 JJ Asghar Machine Learning 2:45 Milecia McGregor 3:20 Marco Carranza Security 4:08 David Melamed 5:06 Radu Vunvulea 5:34 Tzachi Zornstain 6:04 Filipi Pires 6:19 Gajendra Deshpande 7:20 Joshua Arvin Lat Deep dive 7:39 Andrew Knight 8:14 Kalyan Prasad 9:15 Pawel Skrzypek & Anna Warno 10:33 Moshe Zadka 10:59 Yonatan Goldschmidt 11:13 Gil Zilberfeld Education 11:54 Jeronimo Medina Madruga 12:53 Tiago Bacciotti Moreira Tools 13:30 Mark Needham 14:02 Shai Almog 14:32 Yshay Yaacobi Culture 14:55 Aman Sharma 15:37 Mihailo Joksimovic 16:25 Thank you! RSVP & join Discord See you there!

Rain Leander Developer Advocate at Cockroach Labs On the road to becoming a unicorn, you need to go backwards to make progress. As we get older, we forget how to fall down, how to play, how to explore and be curious - and these are necessary skills to becoming the best unicorn you can be. Most recently I'm diving into two new technologies - distributed databases and javascript and I invite you to join me and my inner child, who really wants to be a unicorn, as we explore rainbows, build mountains, and tear it all down again with joy, curiosity, and eagerness. I will provide specific examples, from using editors to troubleshooting issues, and conclude with practical recommendations on getting started, becoming a unicorn, and conquering the world. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Read the abstract ➤ https://www.conf42.com/Python_2022_Shweta_Mishra_python_flask_api_google_colab Other sessions at this event ➤ https://www.conf42.com/python2022 Join Discord ➤ https://discord.gg/DnyHgrC7jC Chapters 0:00 intro 0:24 demo 11:59 thanks

JJ Asghar Developer Advocate at IBM JJ will walk you through deploying a simple python application to Kubernetes/OpenShift. We'll start from the ground up, then get a complete automated build. The goal is to enable your developers to focus on code, not the infrastructure! It's a chance to see the power of OpenShift and why taking the time to learn cloud native development can get you the velocity you need. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Milecia McGregor Developer Advocate at Iterative It's easy to lose track of which changes gave you the best result when you start exploring multiple model architectures. Tracking the changes in your hyperparameter values, along with code and data changes, will help you build a more efficient model by giving you an exact reproduction of the conditions that made the model better. In this talk, you will learn how you can use the open-source tool, DVC, to increase reproducibility for two methods of tuning hyperparameters: grid search and random search. We'll go through a live demo of setting up and running grid search and random search experiments. By the end of the talk, you'll know how to add reproducibility to your existing projects. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Marco Carranza Co-founder at Teamcore Tech Nowadays data is getting bigger and bigger, making it almost impossible to processed it in desktop machines. To solve this problems, a lot of new technologies (Hadoop, Spark, Presto, Dask, etc.) have emerged during the last years to process all the data using multiple clusters of computers. The challenge is that you will need to build your solutions on top of this technologies, requiring designing data processing pipelines and in some cases combining multiple technologies. However, in some cases we don't have enough time or resources to learn to use and setup a full infrastructure to run a couple experiments. Maybe you are a researcher with very limited resources or an startup with a tight schedule to launch a product to market. The objective of this talk is to present multiple strategies to process data as it grows, with the limitations of a single machine or with the use of clusters. The strategies will focus on technologies such as Pandas, Pyspark, Vaex and Modin. Outline 1.- Introduction (2 mins) 2.- Vertical scaling with Pandas and the Cloud (3 mins) 3.- Keeping the memory under control by reading the data by chunks (5 mins) 4.- Processing datasets larger than the available memory with Vaex (5 mins) 5.- Scaling Pandas with Modin and Dask (5 mins) 6.- All-in with Pyspark (5 mins) Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

David Melamed Co-Founder & CTO at Jit The minimum viable security (MVS) approach, enables us to easily bake security into our config files, apps, and CI/CD processes with a few simple controls built for Python applications. In this talk we will focus on five critical security controls that will be integrated as part of the CI/CD pipeline: Bandit for static application security (SAST), Gitleaks to detect hard-coded or insufficiently secured secrets, Python dependency checks (SCA), infrastructure as code (IaC) and ZAP for API and dynamic application security (DAST), in addition to custom controls to ensure proper enforcement of MFA via Github Security. These controls will provide a foundational framework for securing Python applications, from the first line of code, that will make it possible to continuously iterate and evolve our security maturity, for advanced layers of security that often comes with time, as well as increased experience. Code examples will be showcased as part of this session. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Radu Vunvulea Group Head of Cloud Delivery at Endava This session aims to identify the tools that help us build secure applications and environments for Azure during the development journey. The focus is on the developers and the tools we can use to ensure that our code is secure and aligned with all the available best practices and recommendations. It’s a hands-on session, limited to 10 slides and a lot of demos. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Tzachi Zornstain Head of CxDustico at Checkmarx Presentation Outline 1. Refresher on recent OSS attack, establishing: - A quick baseline of terminology and concepts, plus a focus on recent major attack found (PHP, Dependency confusion, etc) 2. Lack of visibility The Python Package Index (PyPI) deals with this issue by simply removing the malicious packages without publishing its code or metadata to a central point where the package could be found and researched. Quite similarly, NPM removes all Code and Metadata and place a generic “security holding package” label on the package webpage, although it does publish a security advisory with varying levels of specificity. Researchers are unable to learn from detected malicious packages. no IOC/contributor data = no hunting for more code packages. 3. Lack of validation One example is the process of publishing a python package to PyPi allows the publisher to link a GitHub repository to the package, then, PyPi pulls the repository statistics straight from GitHub and presents it on the package web page. The problem is, there is no validation of the connection between the package and the repository. We will demonstrate this technique we came to call StarJacking . 4. Lack of awareness The entire ecosystem is focused on detecting known Vulnerabilities, many security teams believe this risk Is cover under SCA products. This is not the case, Vulnerabilities ≠ Malware. We need a mindset shift and new technology stack to detect attackers in code packages. Reactive Vs Proactive, Static signature Vs Dynamic execution 5. Looking ahead Most of what we do today in the field of malicious open-source software can best be described as patch management. The “cyber” point of view has yet to enter this game. In this spirit, some thoughts of where we should be heading: • Malware zoo - code package hatchery • Sandbox for files - detonation chambers for dynamic analysis of code • Cross language detection • TTP’s • Bonus – contributors' reputation Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Filipi Pires Cyber Security Evangelist at senhasegura The purpose of this presentation is to use python scripts to perform some tests of efficiency and detection in various endpoint solutions, during our demonstration we`ll show a defensive security analysis with an offensive mind performing an execution some python scripts responsible for downloading some malware in Lab environment. The first objective will be to simulate targeted attacks using a python script to obtain a panoramic view of the resilience presented by the solution, with regard to the efficiency in its detection by signatures, NGAV and Machine Learning, running this script, the idea is to download these artifacts directly on the victim's machine. The second objective is to run more than one python script with daily malware, made available by MalwaresBazaar upon request via API access, downloanding daily batches of malwares. With the final product, the front responsible for the product will have an instrument capable of guiding a mitigation and / or correction process, as well as optimized improvement, based on the criticality of the risks. Article`s reference: https://pentestmag.com/product/pentest-build-your-own-pentest-lab-in-2021/ ( 2x Articles published | Exploitation with Shell Reverse and Infection with PowerShell using VBS File | Zusy Malware using MSI) https://pentestmag.com/product/pentest-powershell-for-pentesters/ ( 2x Articles published | Testing Creative Way Detection and Efficiency in Sophos Security Sensors | Outbreak Infection from Malware Bazaar, undetected by Sophos https://hakin9.org/product/malware-attacks/ (Hunting the Hunters-Detection and Efficiency Testing of Endpoint Security Sensors) https://pentestmag.com/product/pentest-ransomware-prevention/ ( 2x Articles Published | Threat Hunting Labs Engines Problems in Cybereason AV | Infection with Ransomware Using Delay in Applying Policies) https://hakin9.org/product/cyber-threat-intelligence/ (Infection with Malware By Script Python NOT Detected by AV) https://eforensicsmag.com/product/threat-hunting-what-why-how/ (Infection by Outbreak Attack Malicious) Similar presentations: https://www.youtube.com/watch?v=mJZCNqcO10A&t=51s (NahamCon's on RTV 2021 - Discovering C&C in Malicious PDFs) https://www.youtube.com/watch?v=nxlqxLWO16k (GrayHat - Red Team Village - 2020- US) - Malware Analysis https://www.youtube.com/watch?v=id7phzfgumg (GrayHat - Red Team Village - 2020 - US) - Pivoting Technique https://www.youtube.com/watch?v=oWkgyPgAMsg (BSIDES DFW - 2020 - US) - Malware Analysis https://youtu.be/-h34cWIf9T8?t=23973 (Hacktivity - Budapest 2020) - Dissecting Malware https://www.youtube.com/watch?v=9S41xfTGQDo (D.C. Cybersecurity Professionals - 2020 - US) - Cyber Threat Hunting: Identify and Hunt Down Intruders https://www.youtube.com/watch?v=yAjvfTYEhOw (D.C. Cybersecurity Professionals - 2020 - US) - Dissecting PDF Files to Malware Analysis https://www.youtube.com/watch?v=0pp6xcFsXgE&feature=youtu.be (HITB -2020 - Hack In The Box Security Conference - Europe) - Threat Hunting Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Gajendra Deshpande Founder & Managing Director at Eyesec Cyber Security Solutions Popular programming language index websites (TIOBE index) and developer surveys (Stack Overflow) place Python as one of the fastest-growing programming languages. However, this popularity also puts in the target range of attackers. The attackers perform malicious dependency attacks and use misconfiguration tools to reveal confidential information. Jukka Ruohonen, Kalle Hjerppe, and Kalle Rindell in their research paper ""A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI"" claimed that they scanned PyPI for security issues in Python packages and found the presence of at least one security issue in about 46% of the Python packages. In addition, security vulnerabilities can be present in the source code of the package. In this talk, we will address the security issues related to python packaging and possible solutions to make python packages secure. The talk begins with the importance of a secure package and vulnerabilities in the Python package index. Then, I will discuss Python packages such as Bandit for identifying common security issues in Python code and “safety” for dependency check. Next, I will discuss verifying and signing Python packages using GPG. Finally, I will discuss general guidelines for secure coding practices in Python. Outline 1. Importance of a secure package and vulnerabilities in python package index. (05 Minutes) 2. Bandit for identifying common security issues in Python code (4 Minutes) 3. Safety for dependency check (4 Minutes) 4. Verifying and signing PyPI and conda packages using GPG and Twine (4 Minutes) 5. General guidelines for secure coding practices in Python (5 Minutes) 6. Summary and Questions (3 Minutes) Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Joshua Arvin Lat CTO at NuWorks Interactive Labs Taking care of the overall security of systems and applications running in cloud environments is not easy. Manually performing security operations and auditing procedures on a regular basis take a lot of skill, time, and discipline. At the same time, auditing the different processes, systems, and applications used by organizations involves the usage of several tools. For example, scanning network environments may involve the usage of tools such as **Nmap**, and scanning container images and servers may involve both open source and commercial vulnerability scanners. Some of the major challenges encountered when performing security assessments can be solved through proper automation and integration of tools. In this session, we will make our lives easier by using **Python** to automate different security tasks and responsibilities and use it with different security tools and services. We will talk about the tips and tricks on how to design and build your own custom security tools to solve real-world requirements. These include **Infrastructure as Code** solutions, code design patterns, data engineering techniques, and even basic penetration testing techniques. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Andrew Knight Developer Advocate at Applitools Have you ever seen those ""@"" tags on top of Python functions and classes? Those are called *decorators*. Decorators, in their simplest form, wrap functions around functions. That might sound confusing at first, but it's actually pretty useful. A simple decorator could measure execution times, add startup steps, or automatically repeat calls. Decorators are one of Python's niftiest language features, and they help programmers write DRY (Don't Repeat Yourself) code. In this talk, we'll learn all about decorators: 1. How they wrap functions 2. How to write our own decorators 3. How to do cool tricks with arguments, classes, and nesting 4. How to use popular decorators 5. How to decide when decorators are (and aren't) the *right* solution We'll walk through plenty of example code together. We'll also touch lightly on Functional Programming (FP) and Aspect-Oriented Programming (AOP) concepts to build a firm understanding about how decorators work. After this talk, you should be able to use decorators effectively in your own Python projects! Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Kalyan Prasad Data Scientist & Analytics Manager at Creative Crewz Historically, networks have been studied extensively in graph theory, an area of mathematics. After many applications to several different subjects including physics, health science, and sociology, over the last years, network analysis has become an active topic not only in data science but also in finance. In a nutshell, a network is a system with nodes connected by linkages. Network analysis is popular to describe the characteristics or behaviors of complex networks. There has been also some research conducted to model the stock market using networks. The motivation is that the performances of certain stocks are often correlated, either because of the general market direction or the cyclicity of the same segments of the market. To model the stock market using network analysis, different stocks are represented as different nodes. However, defining the interaction, or creating edges, between different nodes is rather non-intuitive, unlike some physical networks, such as friendship network, in which interaction between different nodes can be defined explicitly. A traditional way to create edges between different nodes for stock market is to look at the correlations of some defined attributes. In our case, we analyze one of the reputed stock index data and identifies stock relationships in it. We propose a model that can depict such relationships and create networks of stocks. We investigate and create different networks according to the degree of correlation of stocks. Finally, we will visualize and evaluate our results accordingly. In this talk, we are going to cover the following points: • Introduction to Networks • History & why graphs • Finance evolution in networks • Understanding Network structure • Leveraging the power of Python Graphs • Real-time finance usage of network analysis using two examples(hands-on) • Wrap-up #Goal By the end of the talk, I will make sure that: • How is data connected with other data? • How do these financial connections matter? • How do complex systems move in time in the stock market? I promise you; it is an interesting one! Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Pawel Skrzypek - CEO at Omphalos Fund & Anna Warno - Data Scientist at 7bulls.com Presentation of the advanced ensemble techniques for time series forecasting. The latest state of the art forecasting methods are ensembled using innovative techniques, to improve accuracy and robustness of predictions. During the session we will make an introduction to the forecaster’s ensemble approach and after that we will present a live demo based on real examples. The Temporal Fusion Transformer and N-Beats forecaster will be ensembled using various techniques and the results will be presented in the live session. In the conclusion we will share some suggestions regarding design of efficient and robust time series forecasting solutions. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Moshe Zadka Principal Engineer at Palo Alto Networks The application has been written. The container build is done on each merge. The last thing you want is to mess around with that. But there are things missing. There's no integration with metrics. There are no readiness checks, so nodes get traffic before they are ready. Luckily, every modern container deployment system allows for "side-cars": container images that are deployed alongside the main application containers. Writing a quick web application in Python to serve these missing bits, to be deployed as a side-car, is a popular solution. How do you do this? How do you integrate into your container management system? And when is it better to modify the original application? Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Yonatan Goldschmidt Principal Engineer at Granulate In this talk, we will demonstrate through low-overhead profiling tools for user-land applications, specifically high-level ones. eBPF is a good basis for profiling tools in general; PyPerf, a BCC-based open-source tool of that kind, provides low-overhead Python applications profiling. This talk will walk through CPython internals and will then dive into PyPerf. It will then present a comparison to traditional profiling methods and will review the benefits of basing on eBPF vs. user-land, system-calls-based profilers, and how eBPF provides unique seamlessness and full transparency for Python applications. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Gil Zilberfeld Wizard of Testing at TestinGil "TDD is great, but it won't work on our legacy code" - I hear that a lot. That's why people don't even give TDD a try. Their code is killing their hope. TDD's basic examples are, well, basic, and have no relationship to real-world code. But it can work on legacy code, and everyone's got that. You just need to remember a few techniques, stick to the principles, and you can start doing TDD in your application code tomorrow. In this session I'll show how to do it, the techniques and principles involved. And I'll show how to add TDD code inside an ugly application. No more excuses then. It's possible to do TDD right there in your own legacy code. Let's do it. Key points - TDD may not seem applicable in “real code”, but the principles apply - Use characterization tests as a safety net - Use test-first principles to add new features and fix bugs - Refactor before and after adding code Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Jeronimo Medina Madruga IT Technician at Universidade Federal de Pelotas This presentation is based on my master's thesis in the field of mathematics education, which is addressing the possibilities of using python for teaching mathematics. To get to this topic, it was necessary to research the current state of using Python and other languages in the classroom in Brazil and worldwide. This made it possible to understand many of the difficulties and advantages of working with programming languages as a tool to help teachers. Therefore, the idea is to pass on these lessons so that other educators can try to implement different experiences in their classes. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Tiago Bacciotti Moreira Professor of the Information Systems at UEMG Ituiutaba Unit In this conversation, we will talk about the seven steps of the methodological proposal to practically implement the use of Python, increase student engagement and make use of real examples and practices: Methodological Proposal Lectures 1. Easy to get started 2. Clear problem definition 3. Growing difficulty 4. Collaborative work 5. Market Practices 6. Multidisciplinary 7. All open and published 8. Online classes Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Mark Needham [Job Title] @ [Company] When you hear "decision-maker", it's natural to think, "C-suite", or "executive". But these days, we're all decision-makers. Restaurant owners, bloggers, big-box shoppers, diners - we all have important decisions to make and need instant actionable insights. In order to provide these insights to end-users like us, businesses need access to fast, fresh analytics. In this session, we will learn how to build our own real-time analytics application on top of a streaming data source using Apache Kafka, Apache Pinot, and Streamlit. Kafka is the de facto standard for real-time event streaming, Pinot is an OLAP database designed for ultra-low latency analytics, and Streamlit is a Python-based tool that makes it super easy to build data-based apps. After introducing each of these tools, we’ll stream data into Kafka using its Python client, ingest that data into a Pinot real-time table, and write some basic queries using Pinot’s Python SDK. Once we’ve done that, we’ll glue everything together with an auto-refreshing dashboard in Streamlit so that we can see changes to the data as they happen. There will be lots of graphs and other visualisations! This session is aimed at application developers and data engineers who want to quickly make sense of streaming data. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Shai Almog Developer Advocate at Lightrun Production bugs are the WORST bugs. They got through unit tests, integration tests, QA and staging… They are the spores of software engineering. Yet the only tools most of us use to attack that vermin is quaint little log files and APMs. We cross our fingers and put on the Sherlock Holmes hat hoping that maybe that bug has somehow made it into the log… When it isn’t there our only remedy is guesswork of more logging (which bogs performance for everyone and makes the logs damn near unreadable). But we have no choice other than crossing our fingers and going through CI/CD again. This is 2021. There are better ways. With modern debugging tools we can follow a specific process as it goes through several different microservices and “step into” as if we were using a local debugger without interrupting the server flow. Magic is possible. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Yshay Yaacobi Co-Founder & CTO at Livecycle It has become increasingly difficult & time consuming to start working on a new codebase, especially in a polyglot microservice world. Using several patterns & developer containers we can create an amazing developer experience that will allow anyone to instantly deep-dive into coding on any machine Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Aman Sharma CoFounder & CTO at twimbit Every one says data is the new oil. But do we actually know how to efficiently use it to make our customer lives better, or it's just another silo of information. In this talk, we will see a beautiful approach to planning data-based projects inspired by professionals from Google, Twitter, Microsoft, and more. This talk will cover the following things - 1. Planning a data project sprint 2. Establishing purpose and vision. 3. What data matters and what's trash? 4. Mining the sentiments of users. 5. Diminishing the silos. 6. Tools After attending this talk, you would be able to think more clearly through the data project and really get amazing results. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Mihailo Joksimovic Head of JD Platform Development at JAGGAER I've been witness of numerous people, myself included, becoming a victim to Imposter Syndrome. Funny enough, due to keeping it ""to ourselves"", we almost never realize that others are feeling the exact same way. Hence we feel as ISOLATED imposters. As someone who has spent years in therapy and has been exploring the causes, effects and ways to mitigate imposter syndrome, I see it as my job to share my findings and experiences with others. And that's exactly what this talk is all about! Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk