Overview

This online training course is an introduction to securing your Python application. Python is a dynamic language popular for web development, IT security, big data, science, and scripting. The course covers how to use Bandit, how to implement Flask-Security, how XSS and CSRF attacks work, how to secure the app's APIs, and more.

Course Instructor: Zac Brown

Course Outline

  • What is App security?
  • Why do we care about app security?
  • OWASP
  • SSL/TLS
  • Hacking tools repository
  • Session based auth
  • What is Bandit?
  • Installing the Bandit package
  • Bandit options and configs
  • Running Bandit against our code
  • What is Flask-Security?
  • Session based auth
  • Password hashing
  • What is XSS?
  • How can XSS be used to exploit apps?
  • XSS prevention
  • What is CSRF?
  • Mitigating CSRF in Flask Apps
  • What is SQL injection?
  • Is SQL injection common?
  • Mitigation
  • HSTS
  • CSP
  • X-Content-Type-Options
  • X-Frame-Options
  • X-XSS-Protection
  • Set-Cookie options
  • Improve user authentication
  • Improve DB data storage
  • Explore data encryption options
  • API authentication
  • Managing API users
  • Explain and fix all detected issues using the Bandit package
  • What is input injection?
  • Mitigation
  • What is assert?
  • Why are asserts dangerous?
  • What is yaml.load?
  • Potential dangers in using yaml.load

Skills Learned

After completing this online training course, students will be able to:

  • Overview of course and course-level learning objectives
  • Quick overview of some common concepts and resources for securing your app
  • Learn how to use Bandit to detect potential security issues in your Python code
  • Understand how to implement the Flask-Security package
  • Understand the risk of XSS and how to mitigate this in your Flask app
  • Understand how CSRF attacks work and how to mitigate them in your Flask app
  • Understand how SQL injection works and how to mitigate it in your app
  • Explore the various HTTP headers that allow an application to work with the browser to control security
  • Improve the security of our app using what we’ve learned
  • Increase security of our app using what we’ve learned
  • Increase security in the app's APIs
  • Explain and fix all detected issues using the Bandit package
  • Learn about various types of input injections
  • Understand why we only use asserts to communicate with other developers, and never for production evaluations
  • Understand how to securely parse YAML data in your app