Secure Development Trainings

SCPy – DevSec Python Masterclass

Python Secure Development Training for Professionals at the Forefront of Code Security!

Online

Trainers

Davide Cioccia

Founder and Principal Security Architect @ DCODX

Hi there! I’m Davide Cioccia, founder of DCODX, an ethical hacking and DevSecOps consulting and coaching firm. Besides helping companies implement their Sec in DevOps, I’m also a developer of security tools (check our GitHub), an OWASP Mobile Security Testing Guide contributor and DevSecCon Chapter Lead for the Netherlands. You can find my talks at security conferences like BlackHat, OWASP AppSec, DevSecCon, DevDays Europe and more online, together with some CVEs disclosed to Microsoft and other big vendors. Enjoy my course :)

Course overview

Supercharge your Python security skills with our comprehensive Python DevSec Masterclass. Designed for developers and security enthusiasts, this immersive training program will equip you with the knowledge and techniques to fortify your Python applications against potential vulnerabilities.

Key Features:

  1. Hands-on Learning
  2. Secure Coding Techniques
  3. Threat Detection and Mitigation
  4. Secure Development Lifecycle and automation
  5. Expert Guidance

Don’t miss this opportunity to become a Python Sec expert. Enroll your team in our Python DevSec Masterclass and gain the skills you need to safeguard your Python code effectively in today’s ever-evolving threat landscape.

Prerequisites

  • Knowledge of Python 3
  • Knowledge of MVC design patterns
  • Familiarity with Python web frameworks (Django, Flask)
  • Familiarity with the most common frontend technologies and languages: HTML, CSS and JavaScript
  • Interest in security

Target audience

  • Security Engineers
  • Security Champions
  • DevOps
  • Developers

Tools used

  • Any IDE
  • Docker (docker-compose)
  • Burp Suite Community edition
  • Coffee or Tea ☕️

Syllabus

Secure coding introduction

  • Secure coding principles
  • Transform an SDLC into a Secure SDLC
  • OWASP Top 10 2021 and 2023
  • OWASP ASVS and security requirements
  • CVSS: how to rate vulnerabilities

Security features

  • Django security features
  • Flask security features
  • Python security features

Server-side vulnerabilities

  • SQL Injection in Django
  • LAB: SQL Injection in Flask
  • LAB: Command and Code Injection
  • LAB: Deserialization issues in Python libraries
  • LAB: Server Side Template Injection in Flask
  • LAB: XML External Entities attacks
  • LAB: Server Side Request Forgery
  • Race Conditions

Client-side vulnerabilities

  • LAB: XSS (Cross Site Scripting): DOM, Stored and Reflected
  • LAB: Client Side Open Redirect
  • LAB: CSRF (Cross Site Request Forgery)
  • LAB: CSTI (Client Side Template Injection)

Authentication and Authorization vulnerabilities and attacks

  • Authentication and Authorization principles in web security
  • LAB: IDOR (Insecure Direct Object Reference)
  • LAB: Path traversal in Flask
  • LAB: JWT attacks: secret brute force, "none" algorithm attacks
  • LAB: Attacking wrong OAuth2 implementations

Vulnerable and Outdated Dependencies

  • Dependency graphs
  • The importance of SCA (Software Composition Analysis)
  • LAB: Detecting known vulnerabilities using Snyk
  • Integrate SCA in the CI/CD pipeline

Scanning your code using Semgrep

  • Semgrep basics
  • LAB: Semgrep for Django
  • LAB: Semgrep for Flask
  • Semgrep automation