The Python language is used in many different settings – from command-line tools to complex Web applications. Many of these Python programs are exposed to attack, either by being directly accessible through the Internet or by directly processing user-provided data in a server environment. Developers must therefore be extremely cautious in how to use different technologies securely, and should also have a deep understanding in secure coding techniques and potential pitfalls.
Interested in attending? Have a suggestion about running this event near you?
Register your interest now
Description
This course covers the most critical security issues in Python applications. We cover vulnerabilities from the OWASP Top Ten list for the web as they concern Python web applications as well as the Django framework. The course also encompasses the most significant security issues for Python code in general (including many Python-specific issues such as function hijacking), while also presenting security solutions provided by the Python ecosystem – such as authentication, access control and encryption.
Understanding the security solutions provided by Python as well as the various security issues and vulnerabilities is a must for all programmers using these technologies to develop web, desktop or server applications.
Outline
- IT security and secure coding
- Web application security (OWASP Top Ten)
- Client-side security
- XML security
- Python security architecture
- Practical cryptography
- Common coding errors and vulnerabilities
- Denial of service
- Principles of security and secure coding
- Knowledge sources
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn about XML security
- Learn client-side vulnerabilities and secure coding practices
- Understand security concepts of Web services
- Learn about JSON security
- Learn about Python security architecture
- Have a practical understanding of cryptography
- Learn about typical coding mistakes and how to avoid them
- Learn about denial of service attacks and protections
- Get sources and further readings on secure coding practices
Detailed table of contents
Day 1
- Introduction
- The Story of Kevin Montes
- Lab environment Introduction
- Team forming
- Introduction to OWASP Top10
- A01:2021 - Broken Access Control
- A02:2021 - Cryptographic Failures
- A03:2021 - Injection
- A04:2021 - Insecure Design
Day 2
- A05:2021 - Security Misconfiguration
- A06:2021 - Vulnerable and Outdated Components
- A07:2021 - Identification and Authentication Failures
- A08:2021 - Software and Data Integrity Failures
Day 3
- A09:2021 - Security Logging and Monitoring Failures
- A10:2021 - Server-Side Request Forgery
- Python architecture
- Protecting Python code
- Dangerous language features
- Python spcific countermeasures to OWASP Top10
Audience
Developers
Prerequisites
General Python development