CUSTOMISED
Expert-led training for your team
Dismiss

Security for Python training course

This intensive courses equips Python developers to build secure web applications. From cryptographic fundamentals to real-world implementation patterns, you'll learn how to identify vulnerabilities and implement robust security measures at every layer of your application with a Defence in Depth approach

JBI training course London UK

"Our tailored course provided a well rounded introduction and also covered some intermediate level topics that we needed to know. Clive gave us some best practice ideas and tips to take away. Fast paced but the instructor never lost any of the delegates"

Brian Leek, Data Analyst, May 2022

Public Courses

20/01/25 - 2 days
£2250 +VAT
Enrol 
03/03/25 - 2 days
£2250 +VAT
Enrol 
14/04/25 - 2 days
£2250 +VAT
Enrol 

Customised Courses

* Train a team
* Tailor content
* Flex dates
From £1200 / day
Highlights Details Audience Feedback Prices/Dates Related Courses
Public Courses
EDF logo Capita logo Sky logo NHS logo RBS logo BBC logo CISCO logo
JBI training course London UK
  • Core Python Security Fundamentals
  • Cryptography and Data Security
  • Authentication and Authorization
  • Secure Coding Practices
  • Network Security
  • Infrastructure Security
  • Security Tools and Testing
  • Operational Security

 

Course Details

Core Python Security Fundamentals

  • Security principles and defence in depth strategies with Python frameworks
  • Implementing OWASP Top 10 protections in Django and Flask applications
  • Security principles and defence in depth strategies
  • Principles from The OWASP Web Security Testing Guide
  • Threat modelling and the security requirements document
  • The principles of least privilege and deny by default
  • Zero trust architecture fundamentals
  • Building zero trust architecture with OpenZiti's Python SDK


Cryptography and Data Security

  • Hashing, encryption, and digital signatures
  • Symmetric encryption and public key encryption
  • Secure password storage and management
  • Using Python's hashlib and hmac modules for secure hashing
  • Using Python's cryptography libraries correctly
  • Data encryption at rest and in transit
  • Data encryption at rest using Django's encrypted model fields and SQLAlchemy StringEncryptedType

 

Authentication and Authorization

  • Secure session management
  • OAuth 2.0 and JWT for authentication
  • Oauth2 with the Python library authlib
  • JWT handling with PyJWT and managing token lifecycles
  • Role-based access control (RBAC), plus alternatives
  • Multi-factor authentication
  • Managing access tokens and permissions


Secure Coding Practices

  • Proven security with modern cryptography algorithms
  • Protection against SQL injection
  • Input validation and sanitisation
  • Using secrets vs random for cryptographic operations
  • Sanitizing logs in Python applications
  • Django template escaping and Flask/Jinja2 for XSS prevention
  • Preventing timing attacks and token prediction attacks
  • Cryptographically secure randomness
  • Cross-site scripting (XSS) prevention
  • Cross-site request forgery (CSRF) protection
  • Secure file handling and upload validation
  • Preventing TLS downgrade attacks


Network Security

  • Networking fundamentals
  • TLS/SSL implementation and certificate management
  • Secure API design and implementation
  • WebSocket security
  • Network architecture and segmentation
  • Firewalls, routers, network interfaces
  • Protocols, HTTP & TLS, with the Python standard library
  • Application deployment
  • Software Defined Networking


Infrastructure Security

  • Container security best practices
  • Secure deployment patterns
  • Network interfaces and routing
  • Building DMZ architectures for Python web applications
  • Virtual private networks (VPN)


Security Tools and Testing

  • Static analysis with bandit and ruff
  • Dependency scanning using pip-audit
  • Automated security testing integration
  • Container scanning and runtime protection
  • Code review practices for security


Operational Security

  • Live security alerts
  • Statutory duties around security
  • Monitoring Python applications for security issues
  • Security patch management for Python applications
  • Updating and patching strategies
JBI training course London UK
  • Python Developers
  • Software Engineers
  • Security Professionals (SecDevOps)
  • Software Architects
  • Data Scientists & Machine Learning Engineers
  • Quality Assurance Engineers
  • Developers Transitioning to Security
  • Ethical Hackers and Penetration Testers
  • Project Managers and Product Owners
5 star

4.8 out of 5 average

"Our tailored course provided a well rounded introduction and also covered some intermediate level topics that we needed to know. Clive gave us some best practice ideas and tips to take away. Fast paced but the instructor never lost any of the delegates"

Brian Leek, Data Analyst, May 2022



“JBI  did a great job of customizing their syllabus to suit our business  needs and also bringing our team up to speed on the current best practices. Our teams varied widely in terms of experience and  the Instructor handled this particularly well - very impressive”

Brian F, Team Lead, RBS, Data Analysis Course, 20 April 2022

 

 

JBI training course London UK

Newsletter

 

Sign up for the JBI Training newsletter to stay updated with world-class technology training opportunities, including Analytics, AI, ML, DevOps, Web, Backend and Security. Our Power BI Training Course is especially popular.  Gain new skills, useful tips, and validate your expertise with an industry-leading organisation, all tailored to your schedule and learning preferences.



More about this course

Security breaches can devastate organizations, compromise user data, and destroy trust. As web applications become increasingly central to business operations, secure development practices are not optional – they're essential.

This intensive course equips Python developers with both the theoretical understanding and practical skills needed to build secure web applications. From cryptographic fundamentals to real-world implementation patterns, you'll learn how to identify vulnerabilities and implement robust security measures at every layer of your application.

The course covers important security principles, and mitigating specific vulnerabilities including The OWASP Top Ten, but is focused on secure Python web application development.

This is a practical and hands on, two day, course. Learn how to use the security tools that come in the Python standard library.

Modules covered include:

* hashlib
* hmac
* secrets
* random
* socket
* ssl

Web application frameworks:

* Security features in web application frameworks for API servers and web applications
* How to secure data in Django, Flask and other popular web application frameworks
* Secure deployment practises with containers and application servers (WSGI or ASGI)

Third party libraries for cryptography and secure network access:

* authlib
* cryptography
* httpx and requests
* websocket
* jwt
* OpenZiti for application level zero trust architecture
* certifi for TLS certification verification

Tooling for secure Python development and as part of your CI pipelines:

* uv/pipenv
* pip-audit
* bandit
* ruff
* mypy
* dependabot/renovate
* Security testing

Network security with TLS:

* How, why and when to use TLS
* How TLS works
* mTLS for enhanced security
* Generating self-signed certificates for local development, with the cryptography library



 

 

FAQs

CONTACT
+44 (0)20 8446 7555

[email protected]

SHARE

 

Copyright © 2024 JBI Training. All Rights Reserved.
JB International Training Ltd  -  Company Registration Number: 08458005
Registered Address: Wohl Enterprise Hub, 2B Redbourne Avenue, London, N3 2BS

Modern Slavery Statement & Corporate Policies | Terms & Conditions | Contact Us

POPULAR

Rust training course                                                                          React training course

Threat modelling training course   Python for data analysts training course

Power BI training course                                   Machine Learning training course

Spring Boot Microservices training course              Terraform training course

Kubernetes training course                                                            C++ training course

Power Automate training course                               Clean Code training course