Python Application Security

 

Real Class Example

Python Application Security

This online training course is an introduction to securing your Python application, a dynamic language popular for web development, IT security, big data, science, and scripting. This Python online training course covers how to use Bandit, how to implement the Flask-Security, understanding XSS, CSRF attacks, security in the apps APIs, and more!

Instructor:

Zac Brown

Course Information

Skills Learned

  • Overview of course and course-level learning objectives
  • Quick overview of some common concepts and resources for securing your app
  • Learn how to use Bandit to detect potential security issues in your Python code
  • Understand how to implement the Flask-Security package
  • Understand the risk of XSS and how to mitigate this in your Flask app
  • Understand how CSRF attacks work and how to mitigate them in your Flask app
  • Understand how SQL injection works and how to mitigate in your app
  • Explore the various HTTP headers that allow an application to work with the browser to control security
  • Improve the security of our app using what we’ve learned
  • Increase security of our app using what we’ve learned
  • Increase security in the apps APIs
  • Explain and fix all detected issues using the Bandit package
  • Learn about various types of input injections
  • Understand why we only use asserts to communicate with other developers, and never for production evaluations
  • Understand how to securely parse yaml data in your app

Who Should Attend This Course

This online training course is for anyone looking to properly secure your Python applications.

Prerequisites

None, but we recommend that students either attend Python Foundations or have equivalent Python experience.

Course Outline

  • What is App security?
  • Why do we care about app security?
  • OWASP
  • SSI/TLS
  • Hacking tools repository
  • Session based Autho
  • What is Bandit?
  • Installing the Bandit package
  • Bandit options and configs
  • Running Bandit against our code
  • What is Flask-Security?
  • Session based auth
  • Password hashing
  • What is XSS?
  • How can XSS be used to exploit apps?
  • XSS prevention
  • What is CSRF?
  • Mitigating CSRF in Flask Apps
  • What is SQL injection?
  • Is SQL injection common?
  • Mitigation
  • HSTS
  • CSP
  • X-ContentType-Options
  • X-Frame-Options
  • X-XSS-Protection
  • SetCookie-Options
  • Improve user authentication
  • Improve DB data storage
  • Explore data encryption options
  • API authentication
  • Managing API users
  • Explain and fix all detected issues using the Bandit package
  • What is input injection?
  • Mitigation
  • What is assert?
  • Why are asserts dangerous?
  • What is yaml.load?
  • Potential dangers in using yaml.load

CLASS START DATES



Are you a student and need support?

Don’t see the class you’re looking for?

Get a demo or pricing!

Call (800) 850-9932 or submit this form to get pricing for you or your team.

We absolutely love being able to tailor the StormWind training experience to you and your goals. Simply provide us with a little bit of upfront info and we’ll get to work on customizing learning packages for you—at a price you just can’t resist.