This Secure Python Coding training teaches attendees how to overcome the most critical security issues when developing their Python applications. Participants learn about vulnerabilities from the OWASP Top Ten list for the web and how to address these in Python web applications (with additional detail included for Django). The course also covers significant security issues for Python code in general (including many Python-specific issues such as function hijacking) and explores security solutions provided by the Python ecosystem, including authentication, access control, and encryption.
Location and Pricing
Most Accelebrate courses are delivered as private, customized, on-site training at our clients' locations worldwide for groups of 3 or more attendees and are custom tailored to their specific needs. Please visit our client list to see organizations for whom we have delivered private in-house training. These courses can also be delivered as live, private online classes for groups that are geographically dispersed or wish to save on the instructor's or students' travel expenses. To receive a customized proposal and price quote for private training at your site or online, please contact us.
Python Training Objectives
All students will:
Python Training Outline
IT Security and Secure Coding
Nature of security
What is risk?
IT security vs. secure coding
From vulnerabilities to botnets and cybercrime
Web Application Security (OWASP Top Ten 2017)
Sensitive data exposure
A4 - XML external entity (XXE)
Broken access control
Cross-Site Scripting (XSS)
Using components with known vulnerabilities
Same Origin Policy
Cross Origin Resource Sharing (CORS)
Exercise – Client-side authentication
Client-side authentication and password management
Python Security Architecture
Python applications and their attack surfaces
Authentication and authorization
Code protection in Python
Python-specific security concerns
Rule #1 of implementing cryptography
Other cryptographic algorithms
Asymmetric (public-key) cryptography
Public Key Infrastructure (PKI)
Cryptography in Python
Common Coding Errors and Vulnerabilities
Improper use of security features
Improper error and exception handling
Time and state problems
Code quality problems
Denial of service
SSL/TLS renegotiation DoS
Regular expression DoS (ReDoS)
Hashtable collision attack
Principles of security and secure coding
Matt Bishop’s principles of robust programming
The security principles of Saltzer and Schroeder
Secure coding sources – a starter kit
Recommended books – Python security
All Python Security training students must have general Python development experience.
All attendees receive comprehensive courseware.
Software needed for each student PC:
Accelebrate can either provide a VMware virtual machine that can be run locally for the training or can provide access to a preconfigured cloud environment for each participant. Please contact us for details.
For classes delivered online, all participants need either dual monitors or a separate device logged into the online session so that they can do their work on one screen and watch the instructor on the other. A separate computer connected to a projector or large-screen TV would be another way for students to see the instructor's screen while working on their own.