Secure Coding in Python

Develop more secure Python apps. Discover how to set up a secure coding environment and explore the security features of popular Python frameworks like Django and Flask.

Introduction

• Developing securely
• What you should know
• What are secure coding, CERT, and other standards?
• What is OWASP Top 10?

1. Setting Up

• Installing software with due caution
• Installing pipenv, Python, Django, Flask, and Django REST framework
• Common vulnerabilities and exposures checks
• A few words about encryption and injection

2. Avoiding Python Pitfalls

• Dynamic typing with Python
• Explicit assertions with Python
• Don't get yourself into a Pickle
• Challenge: Secure the end point
• Solution: Secure the end point

3. Securing Django

• Using a separate Python environment for isolation
• The "batteries included" approach in Django
• Generating new projects
• The Django settings module, keeping secrets, and the dangers of debug mode

4. Securing a RESTful API

• Safe serializing
• Permissions
• Testing and security
• Challenge: Run the test, fix the code
• Solution: Run the test, fix the code

5. Securing Flask

• The challenge of securing Flask
• Flask secrets
• Password hashing with Flask

Conclusion

• Next steps: Secure coding