Course description
Your application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16 GB of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: strong engagement through lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
Cyber security basics
Input validation
Security features
Using vulnerable components
Cryptography for developers
Common software security weaknesses
Wrap up
Delivered onsite for three days, 9.00-17.00
Delivered online for five days, Monday - Friday 9.00-13.00
Day 1:
Cyber security basics
What is security?
Threat and risk
Cyber security threat types
Consequences of insecure software
Constraints and the market
The dark side
Input validation
Input validation principles
Blacklists and whitelists
Data validation techniques
Lab – Input validation
What to validate – the attack surface
Where to validate – defense in depth
When to validate – validation vs transformations
Output sanitization
Encoding challenges
Unicode challenges
Validation with regex
Regular expression denial of service (ReDoS)
Lab – ReDoS in Python
Dealing with ReDoS
Injection
Injection principles
Injection attacks
SQL injection
SQL injection basics
Lab – SQL injection
Attack techniques
Content-based blind SQL injection
Time-based blind SQL injection
SQL injection best practices
Input validation
Parameterized queries
Lab – SQL injection best practices
Additional considerations
Case study – Hacking Fortnite accounts
Code injection
Code injection via input()
OS command injection
Lab – Command injection
OS command injection best practices
Avoiding command injection with the right APIs
Lab – Command injection best practices
Case study – Shellshock
Lab – Shellshock
Python module hijacking
Lab – Library hijacking in Python
Day 2:
Input validation
Integer handling problems
Representing signed numbers
Integer visualization
Integers in Python
Integer overflow
Integer overflows in ctypes and numpy
Other numeric problems
Working with floating-point numbers
Files and streams
Path traversal
Lab – Path traversal
Path traversal-related examples
Additional challenges in Windows
Virtual resources
Path traversal best practices
Lab – Path canonicalization
Format string issues
Unsafe native code
Native code dependence
Lab – Unsafe native code
Best practices for dealing with native code
Security features
Authentication
Authentication basics
Multi-factor authentication
Time-based One-Time Passwords (TOTP)
Authentication weaknesses
Case study – PayPal 2FA bypass
Password management
Inbound password management
Storing account passwords
Password in transit
Lab – Is just hashing passwords enough?
Dictionary attacks and brute forcing
Salting
Adaptive hash functions for password storage
Password policy
NIST authenticator requirements for memorized secrets
Password hardening
Using passphrases
Password change
Password recovery issues
Password recovery best practices
Lab – Password reset weakness
Case study – The Ashley Madison data breach
The dictionary attack
The ultimate crack
Exploitation and the lessons learned
Password database migration
Outbound password management
Hard-coded passwords
Best practices
Lab – Hardcoded password
Protecting sensitive information in memory
Challenges in protecting memory
Information exposure
Exposure through extracted data and aggregation
Case study – Strava data exposure
System information leakage
Leaking system information
Information exposure best practices
Platform security
Python platform security
The Python ecosystem and its attack surface
Python bytecode and security
Security features offered by Python
PEP 578 and audit hooks
Sandboxing Python
Using vulnerable components
Assessing the environment
Hardening
Case study – The British Airways data breach
Vulnerability management
Patch management
Vulnerability databases
DevOps, the build process and CI / CD
Dependency checking in Python
Lab – Detecting vulnerable components
Day 3:
Cryptography for developers
Cryptography basics
Cryptography in Python
Elementary algorithms
Random number generation
Pseudo random number generators (PRNGs)
Cryptographically strong PRNGs
Using virtual random streams
Weak and strong PRNGs
Using random numbers in Python
Lab – Using random numbers in Python
Case study – Equifax credit account freeze
Hashing
Hashing basics
Common hashing mistakes
Hashing in Python
Lab – Hashing in Python
Confidentiality protection
Symmetric encryption
Block ciphers
Modes of operation
Modes of operation and IV – best practices
Symmetric encryption in Python
Lab – Symmetric encryption in Python
Asymmetric encryption
The RSA algorithm
Using RSA – best practices
RSA in Python
Combining symmetric and asymmetric algorithms
Key exchange and agreement
Key exchange
Diffie-Hellman key agreement algorithm
Key exchange pitfalls and best practices
Integrity protection
Authenticity and non-repudiation
Message Authentication Code (MAC)
MAC in Python
Lab – Calculating MAC in Python
Digital signature
Digital signature with RSA
Elliptic Curve Cryptography
ECC basics
Digital signature with ECC
Digital signature in Python
Lab – Digital signature with ECDSA in Python
Public Key Infrastructure (PKI)
Some further key management challenges
Certificates
Certificates and PKI
X.509 certificates
Chain of trust
PKI actors and procedures
PGP – Web of Trust
Certificate revocation
Common software security weaknesses
Errors
Error and exception handling principles
Error handling
Returning a misleading status code
Information exposure through error reporting
Exception handling
In the except block. And now what?
Empty except block
Lab – Exception handling mess
Code quality
Wrap up
Secure coding principles
Principles of robust programming by Matt Bishop
Secure design principles of Saltzer and Schroeder
And now what?
Software security sources and further reading
Python resources
Upcoming course dates
Expression of interest
Informator is the training company that strengthens your competitiveness by maintaining, updating and adding relevant knowledge in IT and management where and when you need it. We have grown together with the leading companies of the Swedish software industry and have trained developers, engineers, project managers and executives since...