Overview
This online training course is an introduction to securing your Python application. Python is a dynamic language popular for web development, IT security, big data, science, and scripting. This Python online training course covers how to use Bandit, how to implement Flask-Security, understanding XSS and CSRF attacks, security in your app's APIs, and more!
Course Instructor: Zac Brown
Course Outline
- What is App security?
- Why do we care about app security?
- OWASP
- SSL/TLS
- Hacking tools repository
- Session-based auth
- What is Bandit?
- Installing the Bandit package
- Bandit options and configs
- Running Bandit against our code
- What is Flask-Security?
- Session-based auth
- Password hashing
- What is XSS?
- How can XSS be used to exploit apps?
- XSS prevention
- What is CSRF?
- Mitigating CSRF in Flask Apps
- What is SQL injection?
- Is SQL injection common?
- Mitigation
- HSTS
- CSP
- X-Content-Type-Options
- X-Frame-Options
- X-XSS-Protection
- Set-Cookie options
- Improve user authentication
- Improve DB data storage
- Explore data encryption options
- API authentication
- Managing API users
- Explain and fix all detected issues using the Bandit package
- What is input injection?
- Mitigation
- What is assert?
- Why are asserts dangerous?
- What is yaml.load?
- Potential dangers in using yaml.load
Skills Learned
After completing this online training course, students will be able to:
- Summarize the course and its course-level learning objectives
- Recall some common concepts and resources for securing your app
- Learn how to use Bandit to detect potential security issues in your Python code
- Understand how to implement the Flask-Security package
- Understand the risk of XSS and how to mitigate this in your Flask app
- Understand how CSRF attacks work and how to mitigate them in your Flask app
- Understand how SQL injection works and how to mitigate it in your app
- Explore the various HTTP headers that allow an application to work with the browser to control security
- Improve the security of our app using what we’ve learned
- Increase security of our app using what we’ve learned
- Increase security in the app's APIs
- Explain and fix all detected issues using the Bandit package
- Learn about various types of input injections
- Understand why we only use asserts to communicate with other developers, and never for production evaluations
- Understand how to securely parse YAML data in your app