Overview
-
Develop more secure Python apps. Discover how to set up a secure coding environment and explore the security features of popular Python frameworks like Django and Flask.
Syllabus
-
Introduction
- Developing securely
- What you should know
- What are secure coding, CERT, and other standards?
- What is OWASP Top 10?
- Installing software with due caution
- Installing pipenv, Python, Django, Flask, and Django REST framework
- Common vulnerabilities and exposures checks
- A few words about encryption and injection
- Dynamic typing with Python
- Explicit assertions with Python
- Don't get yourself into a Pickle
- Challenge: Secure the end point
- Solution: Secure the end point
- Using a separate Python environment for isolation
- The "batteries included" approach in Django
- Generating new projects
- The Django settings module, keeping secrets, and the dangers of debug mode
- Safe serializing
- Permissions
- Testing and security
- Challenge: Run the test, fix the code
- Solution: Run the test, fix the code
- The challenge of securing Flask
- Flask secrets
- Password hashing with Flask
- Next steps: Secure coding
