When does class start/end?
Class hours may vary, please reach out to contact@ascendientlearning.com if you have any questions.
Web Application Security in Python
This Web App Security in Python course guides developers through secure design principles and the OWASP Top Ten vulnerabilities and teaches them how to defend against common attacks like injection...
Read MoreOverview
This Web App Security in Python course guides developers through secure design principles and the OWASP Top Ten vulnerabilities and teaches them how to defend against common attacks like injection and cross-site scripting. Participants also learn the crucial cryptography, authentication, and server configuration aspects. By the end of this course, developers can build and maintain secure, resilient web applications using Python.
Skills Gained
- Explain core security concepts and the OWASP Top Ten vulnerabilities
- Prevent broken access control by implementing proper authorization and mitigating file upload risks
- Apply cryptography to ensure data confidentiality and integrity
- Defend against injection attacks by validating input and utilizing parameterized queries
- Design secure applications using the STRIDE model and Saltzer and Schroeder's principles
- Correctly configure servers, cookies, and XML to prevent security misconfigurations
- Manage vulnerable components and implement authentication best practices
Prerequisites
All Python Security training students must have general Python development experience.
Course Details
Introduction to Cyber Security
- What is security?
- Threat and risk
- Cyber security threat types – the CIA triad
- Consequences of insecure software
The OWASP Top Ten
Broken Access Control (A01)
- Access control basics
- Failure to restrict URL access
- Confused deputy
- File upload
Cryptographic Failures (A02)
- Cryptography for developers
Injection (A03)
- Injection principles
- Injection attacks
- SQL injection
- Code injection
- HTML injection - Cross-site scripting (XSS)
Insecure Design (A04)
- The STRIDE model of threats
- Secure design principles of Saltzer and Schroeder
- Client-side security
Security Misconfiguration (A05)
- Configuration principles
- Server misconfiguration
- Python configuration best practices
- Cookie security
- XML entities
Vulnerable and Outdated Components (A06)
- Using vulnerable components
- Assessing the environment
- Hardening
- Untrusted functionality import
- Malicious packages in Python
- Vulnerability management
Identification and Authentication Failures (A07)
- Authentication
- Password management
Software and Data Integrity Failures (A08)
- Integrity protection
- Subresource integrity
Server-Side Request Forgery (A10)
- Server-side Request Forgery (SSRF)
Wrap Up
- Secure coding principles
- Software security sources and further reading
- Python resources
Conclusion
Schedule
FAQ
Does the course schedule include a Lunchbreak?
Classes typically include a 1-hour lunch break around midday. However, the exact break times and duration can vary depending on the specific class. Your instructor will provide detailed information at the start of the course.
What languages are used to deliver training?
Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.
What does GTR stand for?
GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.
How do I find an Ascendient Learning training location?
We have training locations across the United States and Canada - View a complete list of classroom training locations.
Which delivery formats are available?
At Ascendient Learning, we offer training that is Instructor-Led, Online, Virtual, and Self-Paced.
Does Ascendient Learning deliver group training?
Yes, we provide training for groups, individuals and private on sites. View our group training page for more information.
What does vendor-authorized training mean?
As a vendor-authorized training partner, we offer a curriculum that our partners have vetted. We use the same course materials and facilitate the same labs as our vendor-delivered training. These courses are considered the gold standard and, as such, are priced accordingly.
Is the training too basic, or will you go deep into technology?
It depends on your requirements, your role in your company, and your depth of knowledge. The good news about many of our learning paths, you can start from the fundamentals to highly specialized training.
How up-to-date are your courses and support materials?
We continuously work with our vendors to evaluate and refresh course material to reflect the latest training courses and best practices.
Are your instructors seasoned trainers who have deep knowledge of the training topic?
Ascendient Learning instructors have an average of 27 years of practical IT experience and have also served as consultants for an average of 15 years. To stay current, instructors spend at least 25 percent of their time learning new, emerging technologies and courses.
Do you provide hands-on training and exercises in an actual lab environment?
Lab access is dependent on the vendor and the type of training you sign up for. However, many of our top vendors will provide lab access to students to test and practice. The course description will specify lab access.
Will you customize the training for our company’s specific needs and goals?
We will work with you to identify training needs and areas of growth. We offer a variety of training methods, such as private group training, on-site of your choice, and virtually. We provide courses and certifications that are aligned with your business goals.
How do I get started with certification?
Getting started on a certification pathway depends on your goals and the vendor you choose to get certified in. Many vendors offer entry-level IT certification to advanced IT certification that can boost your career. To get access to certification vouchers and discounts, please contact info@ascendientlearning.com.
Will I get access to content after I complete a course?
You will get access to the PDF of course books and guides, but access to the recording and slides will depend on the vendor and type of training you receive.
How do I request a W9 for Ascendient Learning?
View our filing status and how to request a W9.
Reviews
Good training material and good instruction. More time needs to be provided for the lab work.
I thought the course was informative and the tools to go over the material were very nice.
The course was informative, and I learnt a new skill. The instructor was up to the point.
ExitCertified provided us with a great opportunity to learn more about React and in easy to follow way.
Easy to use and exactly what I was looking for. Value for money was exceptional.
