Python: Web Development And Penetration Testing

An all-in-one guide to building secure web apps with Python and Django. Start with basic Python, finish as an expert!

What you'll learn

Learn how to build and structure efficient Python web applications

Create and use your own custom middleware for Django web apps

Conduct end-to-end web application penetration testing in a live environment

Build an in-depth understanding of the process behind web pen testing

Stay relevant by laying the groundwork for further penetration testing exposure

Requirements

You should be familiar with Python syntax and data structures

You will need to have a Python development environment ready to go (2.7)

Prior experience with Django will be useful, but not required (1.8)

Description

Do you want to quickly build web applications that are highly scalable and secure by design? Are you keen on using your existing Python skills for web development instead of learning a completely new language?
This carefully structured course combines text, video and assessment content. It focuses on Python, starting out with core coverage of the Django framework. You'll learn how to build web applications from the ground up, in a responsible and scalable way. The latter sections then detail how you can take your web application and run it through a suite of comprehensive tests that prepare it for real-world security threats and exploits.
By taking this course you will not just learn about web development with Python. You'll understand how to build web applications properly, in a manner that lets you test and improve them responsibly to a professional standard.
Why should I choose this course?
We've spent the last decade working to help developers stay relevant. The structure of this course is a result of deep and intensive research into what real-world developers need to know in order to be job-ready. We don't spend too long on theory, and focus on practical results so that you can see for yourself how things work in action.
What details do you cover?
This course makes use of Django, which is one of the world's leading web development frameworks. As it sits within the Python ecosystem, it makes your application development experience extremely easy to approach without compromising on efficiency.
We start off by learning about class-based views, so that you can start building pages that respond to specific requests and URL structures. We’ll then dive into creating custom middleware, which will help us reuse code, resulting in a more complete introductory web application.
Have you ever wanted to build a complete REST API? Our next step is to do just that. Starting out with basic read-only functionality, we'll also add key-based authentication so that we can properly implement a CRUD (Create, Read, Update and Delete) feature set.
The latter part of the course will start with an overview of the web application penetration testing methodology. We also dive into the suite of tools used by real-world professionals so that you can start compiling your very own toolkit.
We don't just cover the background to penetration testing. We'll show you how to intercept HTTP techniques and interact  directly with web applications using Python and the requests library. We'll also show you several web crawling techniques, on top of highly sought after SQL injection methods. You'll also lean how to write and develop your own custom tooling and reference scripts to save you time, just like the professionals.
By the time you reach the end, you'll have gone through the entire process of building and validating web applications with Django and Python. We've complied this into one easy reference that reflects the working habits of actual penetration testers to deliver the most accurate learning experience as possible.
We combine the best of the following Packt products:
Mastering Django Web Development by Kevin Veroneau and Matthew NuzumPython Web Penetration Testing Cookbook by Cameron Buchanan et al.Learning Python Web Penetration Testing by Christian MartorellaTestimonials:
The source content have been received well by the audience. Here are a couple of reviews:
"Excellent videos with real case scenarios and code examples. Good explanations (e. g. how to find SQL code injection gaps)."- Anonymous Customer."I loved the books and learnt new skills."- Jatandar
Meet your expert instructors:
Christian Martorella has been working in security testing for more than 10 years. He is the author of multiple widely used penetration testing tools like Wfuzz, Metagoofil, theHarvester, and Webslayer, all of them included in Backtrack and Kali, and written in Python. He has presented security research in many conferences such as OWASP Summits, OWASP Meeting London and Barcelona, BlackHat Arsenal, Hack.lu, and OSIRA.
Matthew Nuzum has been developing web applications since 1999 and has worked for several start-ups including Canonical, the makers of Ubuntu, as well as several other Fortune 500 companies. He has a passion for helping others learn new technologies and has written numerous tutorials and help documents as well as running a web-focused user group based in his hometown of Des Moines.
Kevin Veroneau is a highly active Python and Django developer who has worked for many start-ups,. He has an active Python blog, and has worked on a magnitude of Python projects over the years.
Cameron Buchanan is a penetration tester by trade and a writer in his spare time. He has performed penetration tests around the world for a variety of clients across many industries. Previously, he was a member of the RAF.
Meet your managing editor:
This course has been planned and designed for you by me, Tanmayee Patil. I'm here to help you be successful every step of the way, and get maximum value out of your course purchase. If you have any questions along the way, you can reach out to me and our author group via the instructor contact feature on Udemy.

Overview

Section 1: Advanced Uses of Class-based Views

Lecture 1 Django Overview

Lecture 2 Understanding Class-based Views

Lecture 3 Using Mixins

Lecture 4 Creating Custom Class-based Views

Lecture 5 Creating a Switchboard View

Section 2: Building Custom Middleware

Lecture 6 What is Middleware?

Lecture 7 Creating your Own Custom Middleware

Lecture 8 Middleware to Handle Exceptions

Section 3: Creating Custom Template Tags and Filters

Lecture 9 Creating Template Filters

Lecture 10 Building Custom Template Tags

Section 4: Building a REST API

Lecture 11 Using Tastypie to Create a REST API

Lecture 12 Handling Complex Queries with Our API

Lecture 13 Adding Authentication and CRUD Support

Section 5: Advanced Database Modeling

Lecture 14 Understanding Generic Relationships

Lecture 15 Data Management using Formsets

Lecture 16 Learning Advanced Queries with Q()

Section 6: Learning Caching for Optimum Performance

Lecture 17 Low-level Caching

Lecture 18 Caching with Middleware

Lecture 19 Using the Template Cache

Section 7: Management and Maintenance of Your Application

Lecture 20 Exploring Model Managers

Lecture 21 Using a Model Manager to Create New Objects

Lecture 22 Creating manage.py Commands

Section 8: Introduction to the Web Application Penetration Testing

Lecture 23 Understanding the Web Application Penetration Testing Process

Lecture 24 Typical Web Application Toolkit

Lecture 25 Exploring the Testing Environment

Section 9: Learning Web Crawling with Scrapy

Lecture 26 What is Web Application Mapping?

Lecture 27 Creating a Crawler with Scrapy

Lecture 28 Understanding Recursive Crawling

Lecture 29 Extracting Information

Section 10: Exploring Resources Discovery

Lecture 30 What is Resource Discovery?

Lecture 31 Building Our First Brute Forcer

Lecture 32 Analyzing the Results

Lecture 33 Adding More Information

Lecture 34 Taking Screenshots of the Findings

Section 11: Encryption and Encoding

Lecture 35 Generating an MD5 hash

Lecture 36 Generating an SHA 1/128/256 Hash

Lecture 37 Implementing SHA and MD5 Hashes Together

Lecture 38 Implementing SHA in a Real-world Scenario

Lecture 39 Cracking an MD5 Hash

Lecture 40 ​Encoding with Base64

Section 12: Password Testing

Lecture 41 How Password Attacks Work?

Lecture 42 Our First Password Brute Forcer

Lecture 43 Adding Support for Digest Authentication

Lecture 44 Form-based Authentication

Section 13: Detecting and Exploiting SQL Injection Vulnerabilities

Lecture 45 SQL Injection Vulnerability

Lecture 46 Detecting SQL Injection Issues

Lecture 47 Exploiting a SQL Injection to Extract Data

Lecture 48 Advanced SQLi Exploiting

Section 14: Intercepting HTTP Requests

Lecture 49 HTTP Proxy Anatomy

Lecture 50 Introduction to Mitmproxy

Lecture 51 Manipulating HTTP Requests

Lecture 52 Automating SQLi in Mitmproxy

Lecture 53 Wrapping Up

If you want to build upon your existing Python knowledge and get job-ready, then this is the course for you., It focuses on two highly sought after specialist areas; web development and penetration testing. By combining coverage like this we’re able to guide you through the entire stack step-by-step, so you build real world exposure in a way that mirrors how the professionals work in the real world.