Python Secure Coding Playbook

Focused View

Gavin Johnson-Lynn

2:23:44

111 View

1. Course Overview

1. Course Overview.mp4

01:34

2. Secure Coding Principles

1. Secure Coding and the OWASP Top 10.mp4

02:12

2. Secure Coding Guidelines.mp4

06:17

3. Injection Flaws

1. Understanding Injection Flaws.mp4

01:52

2. Attacking and Defending SQL Injection.mp4

04:01

3. Attacking and Defending Operating System Command Injection.mp4

02:27

4. Demo - Defending Against Injection Attacks in Python.mp4

05:16

4. Broken Authentication

1. Authentication Components.mp4

02:41

2. Handling Passwords.mp4

02:35

3. Password Guessing.mp4

01:30

4. Demo - Password Guessing Defense.mp4

04:33

5. Credential Stuffing.mp4

02:10

6. Demo - Credential Stuffing.mp4

04:23

7. Demo - Time-based One-time Passwords.mp4

06:19

8. Further Time-based One-time Password Security.mp4

01:54

5. Sensitive Data Exposure

1. Data Sensitivity.mp4

01:49

2. Areas of Data Exposure.mp4

06:11

3. Demo - Protecting Sensitive Data.mp4

04:57

6. XML External Entities (XXE)

1. XXE Attacks.mp4

04:39

2. Demo - XXE Attack and Defense.mp4

03:07

7. Broken Access Control

1. Understanding Authorization.mp4

02:19

2. Access Control with Role-based Access.mp4

04:45

3. Demo - Implementing Role-based Access.mp4

05:24

8. Security Misconfiguration

1. Areas of Misconfiguration.mp4

02:28

2. Common Misconfigurations.mp4

03:09

3. Demo - Fixing Common Misconfigurations.mp4

06:45

9. Cross-Site Scripting (XSS)

1. Understanding Cross-Site Scripting.mp4

02:20

2. Types of XSS.mp4

03:45

3. XSS Defenses.mp4

03:26

4. Demo - XSS Defenses.mp4

05:45

10. Insecure Deserialization

1. Understanding Deserialization.mp4

02:20

2. Types of Deserialization Vulnerability.mp4

04:01

3. Demo - Correcting Deserialization Issues.mp4

05:07

11. Using Components with Known Vulnerabilities

1. Understanding Known Vulnerabilities.mp4

03:46

2. Demo - Detecting Known Vulnerabilities.mp4

04:11

12. Insufficient Logging and Monitoring

1. Understanding Logging and Monitoring.mp4

06:10

2. Demo - Logging Authentication Actions.mp4

04:37

3. Demo - Logging Authorization Actions.mp4

02:59

Description

Secure coding is a skill that every web developer needs to ensure they are protected from common vulnerabilities. This course teaches you about those vulnerabilities, how an attacker might exploit them, and how to avoid them in your Python websites.

What You'll Learn?

There are a number of common vulnerabilities that can be exposed by a website which a malicious user can attack. This can result in anything from the website being defaced to the web server and all of its contents being accessed by unauthorized users. In this course, Python Secure Coding Playbook, you’ll learn to protect your websites from attack. First, you'll explore the most common vulnerabilities that you’re likely to see in a website. Then, you'll see what these vulnerabilities could allow an attacker to do and how they might do it. Finally, you’ll learn how to write your Python code to protect your website from attack. When you’re finished with this course, you’ll have the knowledge of secure coding in Python that you need to protect your website from the attacks that it is most likely to face.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Python

Gavin Johnson-Lynn

Instructor's Courses

Gavin has 20 years’ experience writing software in regulated environments and for global organisations. The last five years of his development career were spent with a focus on security, becoming the security lead for a significant payments project at a FTSE 100 company. He has experience with languages from COBOL to .Net and now often finds those skills useful when developing with Python. Gavin's experience of software security revealed a passion for security, leading him to become a speaker and blogger on the subject. Gavin holds the Certified Secure Software Lifecycle Professional (CSSLP) and Scrum Master certifications and is currently part of an offensive security team, using his defensive knowledge to aid offensive security work.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.