Desktop Application Security in Python

Desktop Application Security in PythonDASEC-PYCYCydrillCY-DASEC-PY1.0<ul> <li>Getting familiar with essential cyber security concepts</li><li>Identify vulnerabilities and their consequences</li><li>Learn the security best practices in Python</li><li>Input validation approaches and principles</li><li>Managing vulnerabilities in third party components</li><li>Understanding how cryptography can support appplication security</li><li>Learning how to use cryptographic APIs correctly in Python</li></ul>General Python developmentPython developers working on desktop applications<ul> <li>Cyber security basics</li><li>Input validation</li><li>Security features</li><li>Using vulnerable components</li><li>Cryptography for developers</li><li>Common software security weaknesses</li><li>Wrap up</li></ul>DAY 1 Cyber security basics <ul> <li>What is security?</li><li>Threat and risk</li><li>Cyber security threat types</li><li>Consequences of insecure software <ul> <li>Constraints and the market</li><li>The dark side</li></ul></li></ul>Input validation <ul> <li>Input validation principles <ul> <li>Blacklists and whitelists</li><li>Data validation techniques</li><li>Lab – Input validation</li><li>What to validate – the attack surface</li><li>Where to validate – defense in depth</li><li>How to validate – validation vs transformations</li><li>Output sanitization</li><li>Encoding challenges</li><li>Lab – Encoding challenges</li><li>Validation with regex</li><li>Regular expression denial of service (ReDoS)</li><li>Lab – Regular expression denial of service (ReDoS)</li><li>Dealing with ReDoS</li></ul></li><li>Injection <ul> <li>Injection principles</li><li>Injection attacks</li><li>SQL injection <ul> <li>SQL injection basics</li><li>Lab – SQL injection</li><li>Attack techniques</li><li>Content-based blind SQL injection</li><li>Time-based blind SQL injection</li></ul></li><li>SQL injection best practices <ul> <li>Input validation</li><li>Parameterized queries</li><li>Additional considerations</li><li>Lab – SQL injection best practices</li><li>Case study – Hacking Fortnite accounts</li></ul></li><li>Code injection <ul> <li>Code injection via input()</li><li>OS command injection <ul> <li>Lab – Command injection</li><li>OS command injection best practices</li><li>Avoiding command injection with the right APIs</li><li>Lab – Command injection best practices</li><li>Case study – Shellshock</li><li>Lab – Shellshock</li><li>Case study – Command injection via ping</li><li>Python module hijacking</li><li>Lab – Module hijacking</li></ul></li></ul></li><li>General protection best practices</li></ul></li></ul>DAY 2 Input validation <ul> <li>Integer handling problems <ul> <li>Representing signed numbers</li><li>Integer visualization</li><li>Integers in Python</li><li>Integer overflow</li><li>Integer overflow with ctypes and numpy</li><li>Lab – Integer problems in Python</li><li>Other numeric problems <ul> <li>Division by zero</li><li>Other numeric problems in Python</li><li>Working with floating-point numbers</li></ul></li></ul></li><li>Files and streams <ul> <li>Path traversal</li><li>Path traversal-related examples</li><li>Lab – Path traversal</li><li>Additional challenges in Windows</li><li>Virtual resources</li><li>Path traversal best practices</li><li>Format string issues</li></ul></li><li>Unsafe native code <ul> <li>Native code dependence</li><li>Lab – Unsafe native code</li><li>Best practices for dealing with native code</li></ul></li></ul>Security features <ul> <li>Authentication <ul> <li>Authentication basics</li><li>Multi-factor authentication</li><li>Authentication weaknesses – spoofing</li><li>Case study – PayPal 2FA bypass</li><li>Password management <ul> <li>Inbound password management <ul> <li>Storing account passwords</li><li>Password in transit</li><li>Lab – Is just hashing passwords enough?</li><li>Dictionary attacks and brute forcing</li><li>Salting</li><li>Adaptive hash functions for password storage</li><li>Password policy <ul> <li>NIST authenticator requirements for memorized secrets</li><li>Password length</li><li>Password hardening</li><li>Using passphrases</li><li>Password change</li><li>Forgotten passwords</li><li>Lab – Password reset weakness</li></ul></li><li>Case study – The Ashley Madison data breach <ul> <li>The dictionary attack</li><li>The ultimate crack</li><li>Exploitation and the lessons learned</li></ul></li><li>Password database migration</li></ul></li><li>Outbound password management <ul> <li>Hard coded passwords</li><li>Best practices</li><li>Lab – Hardcoded password</li><li>Protecting sensitive information in memory <ul> <li>Challenges in protecting memory</li></ul></li></ul></li></ul></li></ul></li><li>Information exposure <ul> <li>Exposure through extracted data and aggregation</li><li>Case study – Strava data exposure</li><li>System information leakage <ul> <li>Leaking system information</li></ul></li><li>Information exposure best practices</li></ul></li><li>Python platform security <ul> <li>The Python ecosystem and its attack surface</li><li>Python bytecode and security</li><li>Security features offered by the Python runtime</li><li>PEP 578 and audit hooks</li><li>Sandboxing Python</li></ul></li></ul>Using vulnerable components <ul> <li>Assessing the environment</li><li>Hardening</li><li>Malicious packages in Python</li><li>Vulnerability management <ul> <li>Patch management</li><li>Bug bounty programs</li><li>Vulnerability databases</li><li>Vulnerability rating – CVSS</li><li>DevOps, the build process and CI / CD</li><li>Dependency checking in Python</li><li>Lab – Detecting vulnerable components</li></ul></li></ul>DAY 3 Cryptography for developers <ul> <li>Cryptography basics</li><li>Cryptography in Python</li><li>Elementary algorithms <ul> <li>Random number generation <ul> <li>Pseudo random number generators (PRNGs)</li><li>Cryptographically strong PRNGs</li><li>Using virtual random streams</li><li>Weak and strong PRNGs</li><li>Using random numbers in Python</li><li>Case study – Equifax credit account freeze</li><li>Lab – Using random numbers in Python</li></ul></li><li>Hashing <ul> <li>Hashing basics</li><li>Common hashing mistakes</li><li>Hashing in Python</li><li>Lab – Hashing in Python</li></ul></li></ul></li><li>Confidentiality protection <ul> <li>Symmetric encryption <ul> <li>Block ciphers</li><li>Modes of operation</li><li>Modes of operation and IV – best practices</li><li>Symmetric encryption in Python</li><li>Lab – Symmetric encryption in Python</li><li>Asymmetric encryption <ul> <li>The RSA algorithm <ul> <li>Using RSA – best practices</li><li>RSA in Python</li></ul></li><li>Elliptic Curve Cryptography <ul> <li>The ECC algorithm</li><li>Using ECC – best practices</li><li>ECC in Python</li></ul></li><li>Combining symmetric and asymmetric algorithms <ul> <li>Key exchange</li><li>Diffie-Hellman key agreement algorithm</li><li>Key exchange pitfalls and best practices</li></ul></li></ul></li></ul></li></ul></li><li>Integrity protection <ul> <li>Authenticity and non-repudiation</li><li>Message Authentication Code (MAC) <ul> <li>MAC in Python</li><li>Lab – Calculating MAC in Python</li></ul></li><li>Digital signature <ul> <li>Digital signature with RSA</li><li>Digital signature with ECC</li><li>Digital signature in Python</li></ul></li></ul></li><li>Public Key Infrastructure (PKI) <ul> <li>Some further key management challenges</li><li>Certificates <ul> <li>Chain of trust</li><li>PGP – Web of Trust</li><li>Certificate management – best practices</li></ul></li></ul></li></ul>Common software security weaknesses <ul> <li>Time and state <ul> <li>Race conditions <ul> <li>File race condition <ul> <li>Time of check to time of usage – TOCTTOU</li><li>Insecure temporary file</li></ul></li><li>Avoiding race conditions in Python <ul> <li>Thread safety and the Global Interpreter Lock (GIL)</li><li>Case study: TOCTTOU in Calamares</li></ul></li></ul></li></ul></li><li>Errors <ul> <li>Error and exception handling principles</li><li>Error handling <ul> <li>Returning a misleading status code</li><li>Information exposure through error reporting</li></ul></li><li>Exception handling <ul> <li>In the except,catch block. And now what?</li><li>Empty catch block</li><li>The danger of assert statements</li><li>Lab – Exception handling mess</li></ul></li></ul></li><li>Code quality <ul> <li>Language elements <ul> <li>Using dangerous language elements</li><li>Using obsolete language elements</li><li>Portability flaw</li><li>Module injection and monkey patching</li><li>Dangers of compile(), exec() and eval()</li><li>Sandboxing Python</li></ul></li></ul></li><li>Denial of service <ul> <li>Denial of Service</li><li>Resource exhaustion</li><li>Cash overflow</li><li>Flooding</li><li>Algorithm complexity issues</li></ul></li></ul>Wrap up <ul> <li>Secure coding principles <ul> <li>Principles of robust programming by Matt Bishop</li><li>Secure design principles of Saltzer and Schröder</li></ul></li><li>And now what? <ul> <li>Software security sources and further reading</li><li>Python resources</li></ul></li></ul>- Getting familiar with essential cyber security concepts - Identify vulnerabilities and their consequences - Learn the security best practices in Python - Input validation approaches and principles - Managing vulnerabilities in third party components - Understanding how cryptography can support appplication security - Learning how to use cryptographic APIs correctly in PythonGeneral Python developmentPython developers working on desktop applications- Cyber security basics - Input validation - Security features - Using vulnerable components - Cryptography for developers - Common software security weaknesses - Wrap upDAY 1 Cyber security basics - What is security? - Threat and risk - Cyber security threat types - Consequences of insecure software - Constraints and the market - The dark side Input validation - Input validation principles - Blacklists and whitelists - Data validation techniques - Lab – Input validation - What to validate – the attack surface - Where to validate – defense in depth - How to validate – validation vs transformations - Output sanitization - Encoding challenges - Lab – Encoding challenges - Validation with regex - Regular expression denial of service (ReDoS) - Lab – Regular expression denial of service (ReDoS) - Dealing with ReDoS - Injection - Injection principles - Injection attacks - SQL injection - SQL injection basics - Lab – SQL injection - Attack techniques - Content-based blind SQL injection - Time-based blind SQL injection - SQL injection best practices - Input validation - Parameterized queries - Additional considerations - Lab – SQL injection best practices - Case study – Hacking Fortnite accounts - Code injection - Code injection via input() - OS command injection - Lab – Command injection - OS command injection best practices - Avoiding command injection with the right APIs - Lab – Command injection best practices - Case study – Shellshock - Lab – Shellshock - Case study – Command injection via ping - Python module hijacking - Lab – Module hijacking - General protection best practices DAY 2 Input validation - Integer handling problems - Representing signed numbers - Integer visualization - Integers in Python - Integer overflow - Integer overflow with ctypes and numpy - Lab – Integer problems in Python - Other numeric problems - Division by zero - Other numeric problems in Python - Working with floating-point numbers - Files and streams - Path traversal - Path traversal-related examples - Lab – Path traversal - Additional challenges in Windows - Virtual resources - Path traversal best practices - Format string issues - Unsafe native code - Native code dependence - Lab – Unsafe native code - Best practices for dealing with native code Security features - Authentication - Authentication basics - Multi-factor authentication - Authentication weaknesses – spoofing - Case study – PayPal 2FA bypass - Password management - Inbound password management - Storing account passwords - Password in transit - Lab – Is just hashing passwords enough? - Dictionary attacks and brute forcing - Salting - Adaptive hash functions for password storage - Password policy - NIST authenticator requirements for memorized secrets - Password length - Password hardening - Using passphrases - Password change - Forgotten passwords - Lab – Password reset weakness - Case study – The Ashley Madison data breach - The dictionary attack - The ultimate crack - Exploitation and the lessons learned - Password database migration - Outbound password management - Hard coded passwords - Best practices - Lab – Hardcoded password - Protecting sensitive information in memory - Challenges in protecting memory - Information exposure - Exposure through extracted data and aggregation - Case study – Strava data exposure - System information leakage - Leaking system information - Information exposure best practices - Python platform security - The Python ecosystem and its attack surface - Python bytecode and security - Security features offered by the Python runtime - PEP 578 and audit hooks - Sandboxing Python Using vulnerable components - Assessing the environment - Hardening - Malicious packages in Python - Vulnerability management - Patch management - Bug bounty programs - Vulnerability databases - Vulnerability rating – CVSS - DevOps, the build process and CI / CD - Dependency checking in Python - Lab – Detecting vulnerable components DAY 3 Cryptography for developers - Cryptography basics - Cryptography in Python - Elementary algorithms - Random number generation - Pseudo random number generators (PRNGs) - Cryptographically strong PRNGs - Using virtual random streams - Weak and strong PRNGs - Using random numbers in Python - Case study – Equifax credit account freeze - Lab – Using random numbers in Python - Hashing - Hashing basics - Common hashing mistakes - Hashing in Python - Lab – Hashing in Python - Confidentiality protection - Symmetric encryption - Block ciphers - Modes of operation - Modes of operation and IV – best practices - Symmetric encryption in Python - Lab – Symmetric encryption in Python - Asymmetric encryption - The RSA algorithm - Using RSA – best practices - RSA in Python - Elliptic Curve Cryptography - The ECC algorithm - Using ECC – best practices - ECC in Python - Combining symmetric and asymmetric algorithms - Key exchange - Diffie-Hellman key agreement algorithm - Key exchange pitfalls and best practices - Integrity protection - Authenticity and non-repudiation - Message Authentication Code (MAC) - MAC in Python - Lab – Calculating MAC in Python - Digital signature - Digital signature with RSA - Digital signature with ECC - Digital signature in Python - Public Key Infrastructure (PKI) - Some further key management challenges - Certificates - Chain of trust - PGP – Web of Trust - Certificate management – best practices Common software security weaknesses - Time and state - Race conditions - File race condition - Time of check to time of usage – TOCTTOU - Insecure temporary file - Avoiding race conditions in Python - Thread safety and the Global Interpreter Lock (GIL) - Case study: TOCTTOU in Calamares - Errors - Error and exception handling principles - Error handling - Returning a misleading status code - Information exposure through error reporting - Exception handling - In the except,catch block. And now what? - Empty catch block - The danger of assert statements - Lab – Exception handling mess - Code quality - Language elements - Using dangerous language elements - Using obsolete language elements - Portability flaw - Module injection and monkey patching - Dangers of compile(), exec() and eval() - Sandboxing Python - Denial of service - Denial of Service - Resource exhaustion - Cash overflow - Flooding - Algorithm complexity issues Wrap up - Secure coding principles - Principles of robust programming by Matt Bishop - Secure design principles of Saltzer and Schröder - And now what? - Software security sources and further reading - Python resources3 days2250.002250.002250.002250.002250.002250.002250.002250.002250.002250.002250.00