Web Security with Python
14 casts | 3:13:36 for the total course
created by Jesus Villa
1. Web Security with Python
- Web Security with Python | Introduction
- Web Security with Python | Path Traversal with Python
- Web Security with Python | Setting Up Your Environment
- Web Security with Python | GET query (in)security
- Web Security with Python | Defacing pages with CSS Injection
- Web Security with Python | Command Injection
- Stored XSS using SVG
- Web Security with Python | Python 2 is Not Your Friend
- Web Security with Python | Denial of Service
- Web Security with Python | Insecure Direct Object References
- Web Security with Python | Server Side Request Forgery
- Web Security with Python | Never Roll Your Own Crypto
- Web Security with Python | Secure Logging
- Web Security with Python | Dictionary Attack
Transcript
English (Auto-generated)
Hi everybody, my name is Jesus and I'm here to teach you about web security with Python. This is just an introductory video. We're gonna talk real quick about the way later episodes will work, or casts should work, I should say. And give you an idea of how this is gonna be and see if it's something you're interested in. Um, pretty much if you have any programming knowledge, you really don't need to know much about Python, and basic concepts of the web, you should be fine.

So here's how each episode is gonna work. We start out with our junior developer who's contributing to this imaginary Python web app. We'll start with like a Hello World app and slowly add super simple features. So here we have Junior Dev Dave, and he's gonna try to add a feature in each episode to this Python API, but Hacker Harry will find an exploit in it. We'll show the kinds of tools that red teamers would use to do that sort of thing and we'll walk you through finding the vulnerability in the code that we just showed earlier, before Samantha, our senior dev, detects the problem and fixes the broken code. That's literally all there is to each episode.

Um, it's gonna be mostly hands-on, showing you how we implement a feature naively. Right? So, okay, let's serve files from this directory: we'll do it in the most literal possible way, um, before having Hacker Harry come in and show why the naive approach is just that, too naive, before we get to a more sophisticated approach using best practices and detailing how we can modify the code to be more secure. We'll explore a variety of common security themes. We'll talk about directory traversal, SQL injection, XSS, all the classics, and maybe as time goes on, if things go well, some more obscure attacks as well.

For some background on me, I'm a cryptographer. I have a background in both academics as well as industry. And more recently I've been doing quite a bit of pen testing. I got into it because I was doing trying to break crypto libraries basically. And after that, trying to break other things, and I got addicted, and hopefully I'll be able to use the series to get you addicted to it too.

Thanks a lot for your time. I can't wait to get started. I think the sooner we can get into the code the better. So it's nice to halfway meet you all, or better yet, for you guys to halfway meet me. I'm looking forward to hopefully teaching me some things that you're gonna really enjoy. Bye.