Meet a jr dev, hacker, and sr engineer on their quest to make a secure Python web app!

Using a simple flask hello world app to show how a hapless dev can easily introduce a vulnerability. We then exploit the vuln and fix it :)

Installing and running a flask app on Ubuntu to follow along with my other videos Github repo for this series: https://github.com/JesusAlexV/Python-Sec-Cast

GET and POST are more than just semantics. For security engineers, choosing one or the other has real safety consequences. https://cwe.mitre.org/data/definitions/598.html

Remember in 2006 when the coolest hack imaginable was putting the words "YOU'VE BEEN HAXXORED" on your favorite forum? Well we're taking a trip to the past to explore one common way that web page defacement is accomplished: CSS injection

Dorking is a common technique used by hackers to gain access to random machines Github says case sensitive code search coming soon: https://github.com/github/feedback/discussions/9759 Finding good dorks: https://github.com/techgaun/github-dorks#list-of-dorks

What if you want to rely on user-supplied input to run a command on your system? In this cast, we'll see how a naive developer introduces a vulnerability by combining Python with system commands, and how to fix it. Let's go!

When you type `python` in the terminal on MacOS, you may not get what you expect.

SVG is a popular image format. But many users don't know that it can run arbitrary JS code in the browser

From the halcyon days of Anonymous hacktivism, to today's blackmailers taking down services for ransom, DoS is a perennial weapon in the blackhat arsenal

Sometimes, we can trick the server into making requests for us. This can be exploited to access sensitive internal data.

Let's say you log into a site and load your messages. You notice the messages each have an ID number. What if you could put in a different ID number, and access someone else's messages?