Learning Path: Python Web Penetration Testing

Video Description

Build secure web applications with Python

In Detail

Flask and Python combined can help you build and structure effective Web APIs. In this course, you will get an understanding of how REST works relative to APIs, and we’ll cover how to test APIs written in Python with the support of Flask. We will then progress by securing our web APIs with HTTPS. The use of Python allows testers to write system-specific scripts, or alter and extend existing testing tools, to find, exploit, and record as many security weaknesses as possible, just as professional hackers do. By the end of the course, you will learn about various cyber attacks and how to modify existing tools to suit your application’s needs.

Prerequisites: Build secure web applications with Python

Resources: Code downloads and errata:

  • Web API Development with Flask

  • Learning Python Web Penetration Testing

PATH PRODUCTS

This path navigates across the following products (in sequential order):

  • Web API Development with Flask (1h 40m)

  • Learning Python Web Penetration Testing (2h 50m)

Table of Contents

    1. Chapter 1 : Web API Development with Flask
      1. The Course Overview 00:02:42
      2. Setting Up Flask and Creating Your First Flask Application 00:06:09
      3. Custom Routing Configuration 00:09:15
      4. Flask Template Usage 00:06:35
      5. Flask Flash Messages and Custom Error Pages 00:03:25
      6. CRUD and REST Basics 00:03:08
      7. Using SQLAlchemy for Model Mapping 00:03:54
      8. Implementing Create 00:03:12
      9. Implementing Read 00:02:45
      10. Implementing Update 00:03:54
      11. Implementing Delete 00:02:43
      12. Hypermedia 00:04:36
      13. Implementing Pagination 00:02:36
      14. RESTful Authentication 00:06:27
      15. HTTP Caching 00:03:07
      16. Error Handling in RESTful APIs 00:04:43
      17. Guidelines for Building Large Projects 00:04:14
      18. Why Use HTTPS? 00:03:03
      19. Token Authentication 00:04:44
      20. Usage of Cookies 00:02:49
      21. Storing Passwords 00:03:49
      22. Using the Flask Test Client 00:02:36
      23. Testing Custom Flask Routes 00:03:17
      24. Testing CRUD 00:03:14
      25. Testing Authentication 00:03:16
    2. Chapter 2 : Learning Python Web Penetration Testing
      1. The Course Overview 00:05:58
      2. Understanding Web Application Penetration Testing Process 00:07:50
      3. Typical Web Application Toolkit 00:06:19
      4. Testing Environment 00:06:15
      5. HTTP Protocol Basics 00:07:10
      6. Anatomy of an HTTP Request 00:07:56
      7. Interacting with Web Apps Using Requests Library 00:10:25
      8. Analyzing the Responses 00:07:23
      9. Web Application Mapping 00:03:36
      10. Creating a Crawler with Scrapy 00:07:57
      11. Recursive Crawling 00:03:43
      12. Extracting Information 00:05:24
      13. What Is Resource Discovery? 00:04:02
      14. Building Our First Brute Forcer 00:05:25
      15. Analyzing the Results 00:05:17
      16. Adding More Information 00:03:54
      17. Taking Screenshots of the Findings 00:04:16
      18. How Password Attacks Work? 00:04:57
      19. Our First Password Brute Forcer 00:04:38
      20. Adding Support for Digest Authentication 00:04:43
      21. Form-based Authentication 00:07:08
      22. SQL Injection Vulnerability 00:04:50
      23. Detecting SQL Injection Issues 00:08:09
      24. Exploiting a SQL Injection to Extract Data 00:06:00
      25. Advanced SQLi Exploiting 00:03:56
      26. HTTP Proxy Anatomy 00:04:07
      27. Introduction to mitmproxy 00:03:54
      28. Manipulating HTTP Requests 00:06:53
      29. Automating SQLi in mitmproxy 00:04:38
      30. Wrapping Up 00:03:55