Python is a powerful and versatile programming language, frequently used in web applications. Building secure Python applications requires both platform configuration and secure coding practices. This hands-on, lab-based course presents risks and solutions and invites students to edit sample code to mitigate example risks. Students learn and practice both platform configuration and code-level techniques to find and fix security vulnerabilities in sample code.
The course teaches standard Python defensive programming techniques framed in a Django web application. Topics include safe file system access, session management, authentication, input validation/output encoding, cross-site request forgery, and injection attacks. For each of these concepts, the course covers common mistakes, subtle semantics that can surprise the unwary, and correct ways to invoke the right APIs. Students leave with a solid understanding of the fundamentals of building secure Python applications.