Contenuti dettagliati del Corso
DAY 1
Cyber security basics
- What is security?
- Threat and risk
- Cyber security threat types
- Consequences of insecure software
- Constraints and the market
- The dark side
Input validation
- Input validation principles
- Blacklists and whitelists
- Data validation techniques
- Lab – Input validation
- What to validate – the attack surface
- Where to validate – defense in depth
- How to validate – validation vs transformations
- Output sanitization
- Encoding challenges
- Lab – Encoding challenges
- Validation with regex
- Regular expression denial of service (ReDoS)
- Lab – Regular expression denial of service (ReDoS)
- Dealing with ReDoS
- Injection
- Injection principles
- Injection attacks
- SQL injection
- SQL injection basics
- Lab – SQL injection
- Attack techniques
- Content-based blind SQL injection
- Time-based blind SQL injection
- SQL injection best practices
- Input validation
- Parameterized queries
- Additional considerations
- Lab – SQL injection best practices
- Case study – Hacking Fortnite accounts
- Code injection
- Code injection via input()
- OS command injection
- Lab – Command injection
- OS command injection best practices
- Avoiding command injection with the right APIs
- Lab – Command injection best practices
- Case study – Shellshock
- Lab – Shellshock
- Case study – Command injection via ping
- Python module hijacking
- Lab – Module hijacking
- General protection best practices
DAY 2
Input validation
- Integer handling problems
- Representing signed numbers
- Integer visualization
- Integers in Python
- Integer overflow
- Integer overflow with ctypes and numpy
- Lab – Integer problems in Python
- Other numeric problems
- Division by zero
- Other numeric problems in Python
- Working with floating-point numbers
- Files and streams
- Path traversal
- Path traversal-related examples
- Lab – Path traversal
- Additional challenges in Windows
- Virtual resources
- Path traversal best practices
- Format string issues
- Unsafe native code
- Native code dependence
- Lab – Unsafe native code
- Best practices for dealing with native code
Security features
- Authentication
- Authentication basics
- Multi-factor authentication
- Authentication weaknesses – spoofing
- Case study – PayPal 2FA bypass
- Password management
- Inbound password management
- Storing account passwords
- Password in transit
- Lab – Is just hashing passwords enough?
- Dictionary attacks and brute forcing
- Salting
- Adaptive hash functions for password storage
- Password policy
- NIST authenticator requirements for memorized secrets
- Password length
- Password hardening
- Using passphrases
- Password change
- Forgotten passwords
- Lab – Password reset weakness
- Case study – The Ashley Madison data breach
- The dictionary attack
- The ultimate crack
- Exploitation and the lessons learned
- Password database migration
- Outbound password management
- Hard coded passwords
- Best practices
- Lab – Hardcoded password
- Protecting sensitive information in memory
- Challenges in protecting memory
- Inbound password management
- Information exposure
- Exposure through extracted data and aggregation
- Case study – Strava data exposure
- System information leakage
- Leaking system information
- Information exposure best practices
- Python platform security
- The Python ecosystem and its attack surface
- Python bytecode and security
- Security features offered by the Python runtime
- PEP 578 and audit hooks
- Sandboxing Python
Using vulnerable components
- Assessing the environment
- Hardening
- Malicious packages in Python
- Vulnerability management
- Patch management
- Bug bounty programs
- Vulnerability databases
- Vulnerability rating – CVSS
- DevOps, the build process and CI / CD
- Dependency checking in Python
- Lab – Detecting vulnerable components
DAY 3
Cryptography for developers
- Cryptography basics
- Cryptography in Python
- Elementary algorithms
- Random number generation
- Pseudo random number generators (PRNGs)
- Cryptographically strong PRNGs
- Using virtual random streams
- Weak and strong PRNGs
- Using random numbers in Python
- Case study – Equifax credit account freeze
- Lab – Using random numbers in Python
- Hashing
- Hashing basics
- Common hashing mistakes
- Hashing in Python
- Lab – Hashing in Python
- Random number generation
- Confidentiality protection
- Symmetric encryption
- Block ciphers
- Modes of operation
- Modes of operation and IV – best practices
- Symmetric encryption in Python
- Lab – Symmetric encryption in Python
- Asymmetric encryption
- The RSA algorithm
- Using RSA – best practices
- RSA in Python
- Elliptic Curve Cryptography
- The ECC algorithm
- Using ECC – best practices
- ECC in Python
- Combining symmetric and asymmetric algorithms
- Key exchange
- Diffie-Hellman key agreement algorithm
- Key exchange pitfalls and best practices
- The RSA algorithm
- Symmetric encryption
- Integrity protection
- Authenticity and non-repudiation
- Message Authentication Code (MAC)
- MAC in Python
- Lab – Calculating MAC in Python
- Digital signature
- Digital signature with RSA
- Digital signature with ECC
- Digital signature in Python
- Public Key Infrastructure (PKI)
- Some further key management challenges
- Certificates
- Chain of trust
- PGP – Web of Trust
- Certificate management – best practices
Common software security weaknesses
- Time and state
- Race conditions
- File race condition
- Time of check to time of usage – TOCTTOU
- Insecure temporary file
- Avoiding race conditions in Python
- Thread safety and the Global Interpreter Lock (GIL)
- Case study: TOCTTOU in Calamares
- File race condition
- Race conditions
- Errors
- Error and exception handling principles
- Error handling
- Returning a misleading status code
- Information exposure through error reporting
- Exception handling
- In the except,catch block. And now what?
- Empty catch block
- The danger of assert statements
- Lab – Exception handling mess
- Code quality
- Language elements
- Using dangerous language elements
- Using obsolete language elements
- Portability flaw
- Module injection and monkey patching
- Dangers of compile(), exec() and eval()
- Sandboxing Python
- Language elements
- Denial of service
- Denial of Service
- Resource exhaustion
- Cash overflow
- Flooding
- Algorithm complexity issues
Wrap up
- Secure coding principles
- Principles of robust programming by Matt Bishop
- Secure design principles of Saltzer and Schröder
- And now what?
- Software security sources and further reading
- Python resources