Secure Development Trainings

SCPy – DevSec Python Masterclass

Python Secure Development Training for Professionals at the Forefront of Code Security!

Online

Trainers

Stefan Petrushevski

Principal Security Consultant @ DCODX

“Build it, break it, fix it better!” is something I often say. I am a seasoned cybersecurity professional who has been in the field for more than a decade. I have a formal education in computer science and extensive experience in security evaluation, security research, and building secure products across multiple verticals. In recent years, my focus has been AppSec, where I’m working on bridging the gap between security and engineering teams, making security an interesting and enjoyable aspect of everyone’s life. Outside of the cyber world, I have an active lifestyle and enjoy sports. Currently, I am re-introducing music into my life, as it is the space where, aside from hacking, I express my creativity the best.

Course overview

Supercharge your Python security skills with our comprehensive Python DevSec Masterclass. Designed for developers and security enthusiasts, this immersive training program will equip you with the knowledge and techniques to fortify your Python applications against potential vulnerabilities.

Key Features:
  1. Hands-on Learning
  2. Secure Coding Techniques
  3. Threat Detection and Mitigation
  4. Secure Development Lifecycle and automation
  5. Expert Guidance
Don’t miss this opportunity to become a Python Sec expert. Enroll your team in our Python DevSec Masterclass and gain the skills you need to safeguard your Python code effectively in today’s ever-evolving threat landscape.

Prerequisites

  • Knowledge of Python 3
  • Knowledge of the MVC design pattern
  • Familiarity with a Python web framework (Django, Flask)
  • Familiarity with the most common frontend technologies: HTML, CSS and JavaScript
  • Interest in security

Target audience

  • Security Engineers
  • Security Champions
  • DevOps
  • Developers

Tools used

  • Any IDE
  • Docker (docker-compose)
  • Burp Suite Community edition
  • Coffee or Tea ☕️

Syllabus

Secure coding introduction
  • Secure coding principles
  • Transforming an SDLC into a Secure SDLC
  • OWASP Top 10 2021 and 2023
  • OWASP ASVS and security requirements
  • CVSS: how to rate vulnerabilities

Security features
  • Django security features
  • Flask security features
  • Python security features

Server-side vulnerabilities
  • SQL Injection in Django
  • LAB: SQL Injection in Flask
  • LAB: Command and Code Injection
  • LAB: Deserialization issues in Python libraries
  • LAB: Server-Side Template Injection in Flask
  • LAB: XML External Entity (XXE) attacks
  • LAB: Server-Side Request Forgery
  • Race conditions

Client-side vulnerabilities
  • LAB: XSS (Cross-Site Scripting): DOM-based, Stored and Reflected
  • LAB: Client-side Open Redirect
  • LAB: CSRF (Cross-Site Request Forgery)
  • LAB: CSTI (Client-Side Template Injection)

Authentication and Authorization vulnerabilities and attacks
  • Authentication and Authorization principles in web security
  • LAB: IDOR (Insecure Direct Object Reference)
  • LAB: Path traversal in Flask
  • LAB: JWT attacks: secret brute-force, "none" algorithm attack
  • LAB: Attacking flawed OAuth2 implementations

Vulnerable and Outdated Dependencies
  • Dependency graphs
  • The importance of SCA (Software Composition Analysis)
  • LAB: Detecting known vulnerabilities using Snyk
  • Integrating SCA in the CI/CD pipeline

Scanning your code using Semgrep
  • Semgrep basics
  • LAB: Semgrep for Django
  • LAB: Semgrep for Flask
  • Semgrep automation