English | MP4 | AVC 1920×1080 | AAC 44 kHz 2ch | 8h 1m | 1.19 GB
No-nonsense techniques, libraries, and best practices you can use to keep your Python applications safe and secure.
In Full Stack Python Security: Cryptography, TLS, and attack resistance, you’ll learn how to:
- Use algorithms to encrypt, hash, and digitally sign data
- Create and install TLS certificates
- Implement authentication, authorization, OAuth 2.0, and form validation in Django
- Protect a web application with Content Security Policy
- Implement Cross-Origin Resource Sharing (CORS)
- Protect against common attacks including clickjacking, denial-of-service attacks, SQL injection, cross-site scripting, and more
Full Stack Python Security: Cryptography, TLS, and attack resistance teaches you everything you’ll need to build secure Python web applications. As you work through the insightful code snippets and engaging examples, you’ll put security standards, best practices, and more into action. Along the way, you’ll get exposure to important libraries and tools in the Python ecosystem.
Security is a full-stack concern, encompassing user interfaces, APIs, web servers, network infrastructure, and everything in between. Master the powerful libraries, frameworks, and tools in the Python ecosystem and you can protect your systems top to bottom. Packed with realistic examples, lucid illustrations, and working code, this book shows you exactly how to secure Python-based web applications.
Full Stack Python Security: Cryptography, TLS, and attack resistance teaches you everything you need to secure Python and Django-based web apps. In it, seasoned security pro Dennis Byrne demystifies complex security terms and algorithms. Starting with a clear review of cryptographic foundations, you’ll learn how to implement layers of defense, secure user authentication and third-party access, and protect your applications against common hacks.
What’s inside
- Encrypt, hash, and digitally sign data
- Create and install TLS certificates
- Implement authentication, authorization, OAuth 2.0, and form validation in Django
- Protect against attacks such as clickjacking, cross-site scripting, and SQL injection
Table of Contents
1 Defense in depth
2 Defense in depth
3 Tools
4 Summary
5 Part 1. Cryptographic foundations
6 Hashing
7 Archetypal characters
8 Data integrity
9 Choosing a cryptographic hash function
10 Cryptographic hashing in Python
11 Checksum functions
12 Summary
13 Keyed hashing
14 HMAC functions
15 Timing attacks
16 Summary
17 Symmetric encryption
18 The cryptography package
19 Symmetric encryption
20 Summary
21 Asymmetric encryption
22 Asymmetric encryption
23 Nonrepudiation
24 Summary
25 Transport Layer Security
26 Man-in-the-middle attack
27 The TLS handshake
28 HTTP with Django
29 HTTPS with Gunicorn
30 TLS and the requests package
31 TLS and database connections
32 TLS and email
33 Summary
34 Part 2. Authentication and authorization
35 HTTP session management
36 HTTP cookies
37 Session-state persistence
38 Summary
39 User authentication
40 User authentication
41 Requiring authentication concisely
42 Testing authentication
43 Summary
44 User password management
45 Password storage
46 Configuring password hashing
47 Password-reset workflow
48 Summary
49 Authorization
50 Enforcing authorization
51 Antipatterns and best practices
52 Summary
53 OAuth 2
54 Bob authorizes Charlie
55 Django OAuth Toolkit
56 requests-oauthlib
57 Summary
58 Part 3. Attack resistance
59 Working with the operating system
60 Invoking external executables
61 Summary
62 Never trust input
63 YAML remote code execution
64 XML entity expansion
65 Denial of service
66 Host header attacks
67 Open redirect attacks
68 SQL injection
69 Summary
70 Cross-site scripting attacks
71 Input validation
72 Escaping output
73 HTTP response headers
74 Summary
75 Content Security Policy
76 Deploying a policy with django-csp
77 Using individualized policies
78 Reporting CSP violations
79 Content Security Policy Level 3
80 Summary
81 Cross-site request forgery
82 Session ID management
83 State-management conventions
84 Referer header validation
85 CSRF tokens
86 Summary
87 Cross-Origin Resource Sharing
88 Simple CORS requests
89 CORS with django-cors-headers
90 Preflight CORS requests
91 Sending cookies across origins
92 CORS and CSRF resistance
93 Summary
94 Clickjacking
95 The Content-Security-Policy header
96 Keeping up with Mallory
97 Summary