The Python language is used in many different settings – from command-line tools to complex Web applications. Many of these Python programs are exposed to attack, either by being directly accessible through the Internet or by directly processing user-provided data in a server environment. Developers must therefore take great care to use the different technologies securely, and should also have a deep understanding of secure coding techniques and potential pitfalls.
This course covers the most critical security issues in Python applications. We cover vulnerabilities from the OWASP Top Ten list for the web as they concern Python web applications as well as the Django framework. The course also encompasses the most significant security issues for Python code in general (including many Python-specific issues such as function hijacking), while also presenting security solutions provided by the Python ecosystem – such as authentication, access control and encryption.
Understanding the security solutions provided by Python as well as the various security issues and vulnerabilities is a must for all programmers using these technologies to develop web, desktop or server applications.
Python developers, architects and testers.
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn about XML security
- Learn client-side vulnerabilities and secure coding practices
- Understand security concepts of Web services
- Learn about JSON security
- Learn about Python security architecture
- Have a practical understanding of cryptography
- Learn about typical coding mistakes and how to avoid them
- Learn about denial of service attacks and protections
- Get sources and further readings on secure coding practices
- IT security and secure coding
- Web application security (OWASP Top Ten 2017)
- Client-side security
- XML security
- Python security architecture
- Practical cryptography
- Common coding errors and vulnerabilities
- Denial of service
- Principles of security and secure coding
- Knowledge sources