Secure Coding with OWASP in Django 4

سرفصل های دوره

This course will teach you how to use and implement the OWASP ASVS standards to write code that’s secure against malicious attacks.

1. Course Overview

1. Course Overview

2. Secure Coding with OWASP

1. Course Introduction

2. OWASP ASVS - Introduction

3. Architecture, Design, and Threat Modeling

3. Authentication

1. Authentication

2. Demo - Setup User Authentication

3. Demo - Good Password Practices

4. Demo - Two-factor Authentication

5. Demo - Password Reset

6. Demo - Protect Against Automation Attacks

4. Secure Sessions

1. Secure Sessions in Django

2. Cookie-based Session Management

3. Session Lifecycle

4. Step-up Authentication

5. Summary

5. Access Control

1. Introduction to Access Control

2. Role-based Access Control

3. Access Control with Groups

4. How Does CSRF Attack Work

5. Anti-CSRF Mechanism in Django

6. Summary

6. Validation, Sanitization, and Encoding

1. Introduction to Input Validation

2. Validation and Sanitization of Form Data

3. Protecting from SQL Injection Attacks

4. Protecting from OS Injection Attacks

5. Insecure Deserialization of Data

7. Protecting Sensitive Data

1. Protecting Sensitive Data Using Django

2. Demo - Encrypt Sensitive Data in Cookies

3. Demo - Encrypt Sensitive Data in Database

4. Demo - Cleanup Data from the Browser

5. Demo - Users Privacy and Consent Workflow

6. Demo - Sending Data in GET vs POST Requests

7. Demo - Enforce Secure Protocols for Data in Transit

8. Summary

8. Error Handling and Logging

1. Introduction to Error Handling and Logging

2. How to Prevent Logging Sensitive Information

3. Obfuscating Sensitive Information

4. Logging Security Incidents

5. Error Handling Without Leaking Critical Information

6. Summary

09. Hardening Configuration to Protect against Malicious Code

01. Impact of Malicious Code on an App

02. Verify Dependency Packages

03. Detect Outdated and Vulnerable Packages

04. Generate SRI Hashes for JS Dependencies

05. Hardening Configuration in Production

06. Disable Debug Features in Production

07. Block Sensitive Information from Headers

08. Set Appropriate Security Headers

09. Validate HTTP Requests

10. Summary

10. Business Logic Security

1. Vulnerabilities in Business Logic

2. Adhere to Business Logic Flows

3. Rate Limiting on Business Actions

4. Summary

11. Securing Third-party Files

1. How Can Untrusted Files Prove Harmful

2. Limit the Size of File Being Uploaded

3. Validate Filename and Scan for Virus

4. Store Files Securely

5. What Is a SSRF Attack

6. Prevent SSRF Attacks

7. Summary

12. API and Web Services

1. API and Web Services

2. Demo - Securing APIS

3. Demo - Validate JSON Schema

4. Summary

45,900 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: PluralSight