Posted by Synopsys Editorial Team on April 12, 2016
A powerful and versatile programming language, Python is frequently used in web applications. Synopsys now offers training on standard Python defensive programming techniques focusing on the Django web application framework.
We recently sat down with Kevin Glavin, Associate Principal Consultant, to discuss Synopsys’ latest instructor-led training course. He gives us the rundown on the course objectives, discusses some common Django misconceptions, and explains ways in which this course offers a thorough understanding of how to solve real-world vulnerabilities in an engaging, collaborative environment. Read on to get all the details from the course developer himself.
Kevin: In this course, we dive into building secure Python applications and how this process requires both platform configuration and secure coding practices. We cover vulnerability potential and the overall security stance of Python web frameworks, Django in particular. So, for example, how can we identify vulnerabilities? What’s the canonical representation of those vulnerabilities? How do they manifest in Django and other frameworks? And, most importantly, how do we solve them?
Kevin: By the end of the course, students will be able to comprehend the Django framework architecture, describe risks affecting Django applications, write secure applications using Django, design secure Django applications, and describe steps to configure Django applications securely.
Kevin: It was created for developers. Attendees should have at least a familiarity with Python web development—particularly Django since most of the material is based on this framework.
Security professionals can also benefit. They can join in to learn more about vulnerabilities and how to combat them in Django. Overall, the course is geared toward a technical audience.
Kevin: Hands-on experience is a hugely valuable aspect. During this eight-hour course, half of the learning experience takes place through labs—learning from experience. A common misconception is that developers can do everything in Django and it’s designed to be secure. That’s simply not true. We want to teach people why that is the case and how to implement it securely.
Django was designed with security in mind, but you can still implement it in a way in which it’s still vulnerable to standard web attacks. For me, it’s a huge help to learn by doing. First, we’ll talk it out, learning about a variety of risks and solutions. Then, through hands-on labs, we invite attendees to edit some sample code to mitigate examples of potential risks.
Kevin: In addition to our in-person classroom training, Synopsys also offers virtual classroom training. The virtual classroom is ideal when attendees can’t all be in the same place at the same time. As long as you have a computer and an Internet connection, you’ll be able to join others in your training group.