Do you want to quickly build web applications that are highly scalable and secure by design? Are you keen on using your existing Python skills for web development instead of learning a completely new language?
This carefully structured course combines text, video and assessment content. It focuses on Python, starting out with core coverage of the Django framework. You'll learn how to build web applications from the ground up, in a responsible and scalable way. The latter sections then detail how you can take your web application and run it through a suite of comprehensive tests that prepare it for real-world security threats and exploits.
By taking this course you will not just learn about web development with Python. You'll understand how to build web applications properly, in a manner that lets you test and improve them responsibly to a professional standard.
Why should I choose this course?
We've spent the last decade working to help developers stay relevant. The structure of this course is a result of deep and intensive research into what real-world developers need to know in order to be job-ready. We don't spend too long on theory, and focus on practical results so that you can see for yourself how things work in action.
What details do you cover?
This course makes use of Django, which is one of the world's leading web development frameworks. As it sits within the Python ecosystem, it makes your application development experience extremely easy to approach without compromising on efficiency.
We start off by learning about class-based views, so that you can start building pages that respond to specific requests and URL structures. We’ll then dive into creating custom middleware, which will help us reuse code, resulting in a more complete introductory web application.
Have you ever wanted to build a complete REST API? Our next step is to do just that. Starting out with basic read-only functionality, we'll also add key-based authentication so that we can properly implement a CRUD (Create, Read, Update and Delete) feature set.
The latter part of the course will start with an overview of the web application penetration testing methodology. We also dive into the suite of tools used by real-world professionals so that you can start compiling your very own toolkit.
We don't just cover the background to penetration testing. We'll show you how to intercept HTTP techniques and interact directly with web applications using Python and the requests library. We'll also show you several web crawling techniques, on top of highly sought after SQL injection methods. You'll also lean how to write and develop your own custom tooling and reference scripts to save you time, just like the professionals.
By the time you reach the end, you'll have gone through the entire process of building and validating web applications with Django and Python. We've complied this into one easy reference that reflects the working habits of actual penetration testers to deliver the most accurate learning experience as possible.
We combine the best of the following Packt products:
The source content have been received well by the audience. Here are a couple of reviews:
"Excellent videos with real case scenarios and code examples. Good explanations (e. g. how to find SQL code injection gaps)."
- Anonymous Customer.
"I loved the books and learnt new skills."
Meet your expert instructors:
Christian Martorella has been working in security testing for more than 10 years. He is the author of multiple widely used penetration testing tools like Wfuzz, Metagoofil, theHarvester, and Webslayer, all of them included in Backtrack and Kali, and written in Python. He has presented security research in many conferences such as OWASP Summits, OWASP Meeting London and Barcelona, BlackHat Arsenal, Hack.lu, and OSIRA.
Matthew Nuzum has been developing web applications since 1999 and has worked for several start-ups including Canonical, the makers of Ubuntu, as well as several other Fortune 500 companies. He has a passion for helping others learn new technologies and has written numerous tutorials and help documents as well as running a web-focused user group based in his hometown of Des Moines.
Kevin Veroneau is a highly active Python and Django developer who has worked for many start-ups,. He has an active Python blog, and has worked on a magnitude of Python projects over the years.
Cameron Buchanan is a penetration tester by trade and a writer in his spare time. He has performed penetration tests around the world for a variety of clients across many industries. Previously, he was a member of the RAF.
Meet your managing editor:
This course has been planned and designed for you by me, Tanmayee Patil. I'm here to help you be successful every step of the way, and get maximum value out of your course purchase. If you have any questions along the way, you can reach out to me and our author group via the instructor contact feature on Udemy.
In this video, we begin by learning how class-based views work so that you can fully benefit from this powerful, but often poorly understood feature. Generic class-based views provide a lot of functionality. Let's take a look at how you can easily extend them to create your own custom solution. From this lecture, you will learn the following topics:
The built–in, generic class-based views are actually made up of many reusable mixins. Take a look at how you can use the same technique to add your own behaviors into your class-based views. In this lecture, you will cover the following topics:
You don't have to use generic class-based views. If you plan to override much of the built-in behavior or just don't need it, then you can start out with a simpler class, such as view. In this lecture, you will learn the following topics:
You can create a single class-based view that can handle all of the operations for a set of data. These are sometimes called switchboard classes, and they can help make your code easier to maintain. In this video, you will learn the following topics:
Code that is used in many views can be moved into middleware, allowing it to operate either before or after your view code is executed. In this lecture, you will learn the following topics:
Middleware classes are not fancy; they simply have one or more methods that correspond to one of the five predefined hooks available. We will cover the following topics in this lecture:
Showing users exceptions is unprofessional and may be a security problem. Let's examine an easier way to create middleware that catches and responds to unhandled exceptions. In this lecture, we will explore the following topics:
In this lecture we will explore the possibility of creating custom filters to make frequently used behaviors easily reusable for everyone on our team:
If you need a functionality that is too sophisticated for a filter, it should be a template tag. These are of several kinds, such as simple_tag for basic functionality and a template inclusion tag to bring in entire templates.
With the growing popularity of Angular.js and similar tools, more applications need to provide a RESTful API. Tastypie is a Python module that does most of the work for us. Let's check it out in this lecture. You will learn the following topics:
Sometimes you want to modify the data before it goes out to the API. Tastypie makes it easy to add or customize the data returned from the API.
Not all applications work with a read-only API. Sometimes, you want full CRUD support from your API. You need to add an authentication step before you make this functionality available. Fortunately, Tastypie does all of this for us. In this lecture, we will learn the following topics:
Sometimes, you want to combine data from different models. It's not hard to do this with Python, but generic relationships allow Django to do this for you. In this lecture, you will learn the following topics:
Have you wished you could add or edit many records to the database at once? With only a few lines of code, you can add this capability to your application.
Django's ORM works fine when your filters are combined using the AND operator. If you want to perform more complicated queries, you should use the Q function, which just gives you more flexibility with your logic.
Is your application running slow? You may be performing expensive operations more often than necessary. We can use low-level caching operations to have tight control over our application's performance. In this lecture, you will learn the following topics:
Do you have data that is accessed on many views? We already know we can create middleware to reduce duplication, but why not add caching at to middleware to also speed up performance? In this lecture, you will learn the following topics:
If your cache needs are simpler, you can perform caching at the template level. This can provide a tremendous improvement in performance and is easy to use. In this lecture, you will learn the following topics:
Do you frequently perform the same query and filter operation in multiple views? Avoid duplication using model managers. In this lecture, you will learn the following topics:
You may have a similar logic in multiple areas of the site to deal with inserting data. You can create a manager function that accepts your data as a parameter and centralizes your insertion logic. In this lecture, you will learn the following concepts:
Do you perform regular maintenance on your application? You can simplify periodic cron tasks by creating custom manage.py commands. In this lecture, you will learn the following topics:
In this lecture you will learn about the web app penetration-testing methodology, the toolset, and our lab environment. We will cover the following topics:
You will learn about the traditional tools used by security professionals to perform penetration tests. This will provide a basic understanding of the most important type of tools used, and give us ideas on what we can build with Python. In this lecture you will cover the following concepts:
We need to set up the testing environment and we would use VirtualBox, VM, text editor, and the vulnerable Web application we are going to use as target of our tests. In this lecture you will learn the following concepts:
In this lecture, you’ll learn about web application mapping, what it is, and how to do it:
We want to create a web application crawler to help us map an application. In this lecture, you will learn the following concepts:
We created a basic crawler, but now, we want to make it recursive to cover all the web application content. In this lecture, you will learn the following concepts:
We need to extract information from the web application that will be useful for our Security testing.
Most applications have resources that are not linked and tools such as crawlers or proxies won’t find. So, we need to discover resources with other methods. In this lecture, we will learn the following concepts:
In order to find more resources that are not linked in a web application, we need to create a brute forcer in order to discover resources using dictionary files.
We need to improve the results of the brute forcer in order to facilitate the discovery of interesting resources. Let's do just this!
In this video, we will add the detection of redirections and generate more information about the responses, such as the time it takes the response and the MD5 hash of the content. In this lecture, we will cover the following concepts:
When conducting an analysis of big web applications, having a screenshot of the discovered resources could be very handy. We need to add this capability by taking a screenshot of all the resources that return a 200 status code. In this lecture, we will cover the following topics:
Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.
With an extensive library of content - more than 4000 books and video courses -Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.
From skills that will help you to develop and future proof your career to immediate solutions to every day tech challenges, Packt is a go-to resource to make you a better, smarter developer.
Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.