Python developers are building APIs that expose industrial control systems (PLCs and sensor networks via Modbus or OPC-UA) to the internet, often with basic authentication and outdated dependencies. When code controls power grids, water systems, or manufacturing processes, a compromised API or a typosquatted package is not just a data leak, it can disrupt operations.
Because of this, the way these APIs are built introduces security concerns that are not always visible during development. Many of these applications depend on third-party packages, which creates exposure to supply chain risks.
Attackers use techniques such as typosquatting, publishing malicious packages with names similar to widely used libraries (such as reqeusts instead of requests). Once installed, these packages can access environment variables, API keys, or system interfaces. Outdated dependencies introduce additional risk, as libraries such as requests or urllib3 may contain known weaknesses, including credential leakage during redirects or improper SSL validation.
These patterns come from web development, where their impact is often limited to data exposure. When the same code is used in systems connected to infrastructure that controls physical processes, the consequences change. Weak API design or a compromised dependency can affect system behavior, not just stored data.
This difference creates a gap between how Python applications are commonly built and what is expected in these environments. Small decisions in Python API design can reduce risk in systems where software directly affects physical processes.
This talk shows Python developers how to secure these integrations through safer API design, careful handling of dependencies, and decisions that improve system resilience without requiring deep security expertise.
This talk looks at how Python APIs connect industrial control systems such as PLCs and sensor networks to external systems. These integrations are often built using familiar patterns, but the risks change when software affects physical processes.
Here, the session starts with how Python is used in these environments and then moves to common issues in API design and dependency use, including typosquatting and outdated libraries. From there, it explains how problems that seem minor in web applications can affect system behavior in industrial settings.
Based on this, the talk ends with practical ways developers can write safer APIs and handle dependencies more carefully, without adding unnecessary complexity.
How Python APIs are used to connect industrial systems, where these integrations introduce risk, common issues in API design and dependencies such as typosquatting and outdated libraries, why these problems change in systems that affect physical processes, how developers can reduce risk through safer API design and careful dependency handling.
