Python: Web Development And Penetration Testing
Last updated 1/2017
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 390.98 MB | Duration: 3h 19m
An all-in-one guide to building secure web apps with Python and Django. Start with basic Python, finish as an expert!
What you'll learn
Learn how to build and structure efficient Python web applications
Create and use your own custom middleware for Django web apps
Conduct end-to-end web application penetration testing in a live environment
Build an in-depth understanding of the process behind web pen testing
Stay relevant by laying the groundwork for further penetration testing exposure
Requirements
You should be familiar with Python syntax and data structures
You will need to have a Python development environment ready to go (2.7)
Prior experience with Django will be useful, but not required (1.8)
Description
Do you want to quickly build web applications that are highly scalable and secure by design? Are you keen on using your existing Python skills for web development instead of learning a completely new language?
This carefully structured course combines text, video and assessment content. It focuses on Python, starting out with core coverage of the Django framework. You'll learn how to build web applications from the ground up, in a responsible and scalable way. The latter sections then detail how you can take your web application and run it through a suite of comprehensive tests that prepare it for real-world security threats and exploits.
By taking this course you will not just learn about web development with Python. You'll understand how to build web applications properly, in a manner that lets you test and improve them responsibly to a professional standard.
Why should I choose this course?
We've spent the last decade working to help developers stay relevant. The structure of this course is a result of deep and intensive research into what real-world developers need to know in order to be job-ready. We don't spend too long on theory, and focus on practical results so that you can see for yourself how things work in action.
What details do you cover?
This course makes use of Django, which is one of the world's leading web development frameworks. As it sits within the Python ecosystem, it makes your application development experience extremely easy to approach without compromising on efficiency.
We start off by learning about class-based views, so that you can start building pages that respond to specific requests and URL structures. We’ll then dive into creating custom middleware, which will help us reuse code, resulting in a more complete introductory web application.
Have you ever wanted to build a complete REST API? Our next step is to do just that. Starting out with basic read-only functionality, we'll also add key-based authentication so that we can properly implement a CRUD (Create, Read, Update and Delete) feature set.
The latter part of the course will start with an overview of the web application penetration testing methodology. We also dive into the suite of tools used by real-world professionals so that you can start compiling your very own toolkit.
We don't just cover the background to penetration testing. We'll show you how to intercept HTTP requests and interact directly with web applications using Python and the requests library. We'll also show you several web crawling techniques, on top of highly sought-after SQL injection methods. You'll also learn how to write and develop your own custom tooling and reference scripts to save you time, just like the professionals.
By the time you reach the end, you'll have gone through the entire process of building and validating web applications with Django and Python. We've compiled this into one easy reference that reflects the working habits of actual penetration testers to deliver the most accurate learning experience possible.
We combine the best of the following Packt products:
Mastering Django Web Development by Kevin Veroneau and Matthew Nuzum
Python Web Penetration Testing Cookbook by Cameron Buchanan et al.
Learning Python Web Penetration Testing by Christian Martorella
Testimonials:
The source content has been well received by the audience. Here are a couple of reviews:
"Excellent videos with real case scenarios and code examples. Good explanations (e.g. how to find SQL code injection gaps)." - Anonymous Customer.
"I loved the books and learnt new skills." - Jatandar
Meet your expert instructors:
Christian Martorella has been working in security testing for more than 10 years. He is the author of multiple widely used penetration testing tools like Wfuzz, Metagoofil, theHarvester, and Webslayer, all of them included in Backtrack and Kali, and written in Python. He has presented security research at many conferences such as OWASP Summits, OWASP Meeting London and Barcelona, BlackHat Arsenal, Hack.lu, and OSIRA.
Matthew Nuzum has been developing web applications since 1999 and has worked for several start-ups including Canonical, the makers of Ubuntu, as well as several other Fortune 500 companies. He has a passion for helping others learn new technologies and has written numerous tutorials and help documents as well as running a web-focused user group based in his hometown of Des Moines.
Kevin Veroneau is a highly active Python and Django developer who has worked for many start-ups. He has an active Python blog, and has worked on a multitude of Python projects over the years.
Cameron Buchanan is a penetration tester by trade and a writer in his spare time. He has performed penetration tests around the world for a variety of clients across many industries. Previously, he was a member of the RAF.
Meet your managing editor:
This course has been planned and designed for you by me, Tanmayee Patil. I'm here to help you be successful every step of the way, and get maximum value out of your course purchase. If you have any questions along the way, you can reach out to me and our author group via the instructor contact feature on Udemy.
Overview
Section 1: Advanced Uses of Class-based Views
Lecture 1 Django Overview
Lecture 2 Understanding Class-based Views
Lecture 3 Using Mixins
Lecture 4 Creating Custom Class-based Views
Lecture 5 Creating a Switchboard View
Section 2: Building Custom Middleware
Lecture 6 What is Middleware?
Lecture 7 Creating your Own Custom Middleware
Lecture 8 Middleware to Handle Exceptions
Section 3: Creating Custom Template Tags and Filters
Lecture 9 Creating Template Filters
Lecture 10 Building Custom Template Tags
Section 4: Building a REST API
Lecture 11 Using Tastypie to Create a REST API
Lecture 12 Handling Complex Queries with Our API
Lecture 13 Adding Authentication and CRUD Support
Section 5: Advanced Database Modeling
Lecture 14 Understanding Generic Relationships
Lecture 15 Data Management using Formsets
Lecture 16 Learning Advanced Queries with Q()
Section 6: Learning Caching for Optimum Performance
Lecture 17 Low-level Caching
Lecture 18 Caching with Middleware
Lecture 19 Using the Template Cache
Section 7: Management and Maintenance of Your Application
Lecture 20 Exploring Model Managers
Lecture 21 Using a Model Manager to Create New Objects
Lecture 22 Creating manage.py Commands
Section 8: Introduction to the Web Application Penetration Testing
Lecture 23 Understanding the Web Application Penetration Testing Process
Lecture 24 Typical Web Application Toolkit
Lecture 25 Exploring the Testing Environment
Section 9: Learning Web Crawling with Scrapy
Lecture 26 What is Web Application Mapping?
Lecture 27 Creating a Crawler with Scrapy
Lecture 28 Understanding Recursive Crawling
Lecture 29 Extracting Information
Section 10: Exploring Resources Discovery
Lecture 30 What is Resource Discovery?
Lecture 31 Building Our First Brute Forcer
Lecture 32 Analyzing the Results
Lecture 33 Adding More Information
Lecture 34 Taking Screenshots of the Findings
Section 11: Encryption and Encoding
Lecture 35 Generating an MD5 hash
Lecture 36 Generating an SHA 1/128/256 Hash
Lecture 37 Implementing SHA and MD5 Hashes Together
Lecture 38 Implementing SHA in a Real-world Scenario
Lecture 39 Cracking an MD5 Hash
Lecture 40 Encoding with Base64
Section 12: Password Testing
Lecture 41 How Password Attacks Work?
Lecture 42 Our First Password Brute Forcer
Lecture 43 Adding Support for Digest Authentication
Lecture 44 Form-based Authentication
Section 13: Detecting and Exploiting SQL Injection Vulnerabilities
Lecture 45 SQL Injection Vulnerability
Lecture 46 Detecting SQL Injection Issues
Lecture 47 Exploiting a SQL Injection to Extract Data
Lecture 48 Advanced SQLi Exploiting
Section 14: Intercepting HTTP Requests
Lecture 49 HTTP Proxy Anatomy
Lecture 50 Introduction to Mitmproxy
Lecture 51 Manipulating HTTP Requests
Lecture 52 Automating SQLi in Mitmproxy
Lecture 53 Wrapping Up
If you want to build upon your existing Python knowledge and get job-ready, then this is the course for you. It focuses on two highly sought-after specialist areas: web development and penetration testing. By combining coverage like this we’re able to guide you through the entire stack step-by-step, so you build real-world exposure in a way that mirrors how the professionals work in the real world.