Full Stack Python Security: Cryptography, TLS, and attack resistance

Summary

Full Stack Python Security teaches you everything you'll need to build secure Python web applications. In it, you'll learn how to:

- Use algorithms to encrypt, hash, and digitally sign data
- Create and install TLS certificates
- Implement authentication, authorization, OAuth 2.0, and form validation in Django
- Protect a web application with Content Security Policy
- Implement Cross Origin Resource Sharing
- Protect against common attacks including clickjacking, denial of service attacks, SQL injection, cross-site scripting, and more

As you work through the insightful code snippets and engaging examples, you'll put security standards, best practices, and more into action. Along the way, you'll get exposure to important libraries and tools in the Python ecosystem.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the technology

Security is a full-stack concern, encompassing user interfaces, APIs, web servers, network infrastructure, and everything in between. Master the powerful libraries, frameworks, and tools in the Python ecosystem and you can protect your systems top to bottom. Packed with realistic examples, lucid illustrations, and working code, this book shows you exactly how to secure Python-based web applications.

About the book

Full Stack Python Security: Cryptography, TLS, and attack resistance teaches you everything you need to secure Python and Django-based web apps. In it, seasoned security pro Dennis Byrne demystifies complex security terms and algorithms. Starting with a clear review of cryptographic foundations, you'll learn how to implement layers of defense, secure user authentication and third-party access, and protect your applications against common hacks.

What's inside

- Encrypt, hash, and digitally sign data
- Create and install TLS certificates
- Implement authentication, authorization, OAuth 2.0, and form validation in Django
- Protect against attacks such as clickjacking, cross-site scripting, and SQL injection

About the reader

For intermediate Python programmers.

About the author

Dennis Byrne is a tech lead for 23andMe, where he protects the genetic data of more than 10 million customers.

Table of Contents

1 Defense in depth

PART 1 - CRYPTOGRAPHIC FOUNDATIONS
2 Hashing
3 Keyed hashing
4 Symmetric encryption
5 Asymmetric encryption
6 Transport Layer Security

PART 2 - AUTHENTICATION AND AUTHORIZATION
7 HTTP session management
8 User authentication
9 User password management
10 Authorization
11 OAuth 2

PART 3 - ATTACK RESISTANCE
12 Working with the operating system
13 Never trust input
14 Cross-site scripting attacks
15
I thoroughly enjoyed this book. I felt it completed everything that it set out to do from the beginning and that I've learned a lot more about security in the context of software applications, specifically the web ones. In my case I was implementing a lot of the concepts mentioned using a FastAPI application so I diverged from the example Django application that the author was working through. This didn't really cause much friction as I felt the author paid sufficient attention to the concepts themselves prior to any implementation, so I was able to translate this over to my application.
For me, I'm not sure if the book will have a lot of "rereadability" because the author himself even provides links to OWASP documentation that provides a lot more depth in many of the topics discussed. So for me this book was a stepping stone (an important one) into more involved work related to security.
So this was a really good book in the end and I would recommend it.
This book is good. I strongly recommend every Python programmer work through it. The author has put in a lot of effort so that you can quickly absorb some practical information. Reading this book won't make you a cybersecurity guru, but you'll be immensely better than the average Python developer.
In the book, almost all topics are explained using the Django examples. My humble advice is to mention Django together with Python in the next edition's title.
I have read many Django books. None of them even mentioned the security issues and plugins described here. In most cases, Django developers can use the ready-made recipes and plugins with minimal effort.
I hope Flask and FastAPI developers also want to avoid the security holes in their applications. Unfortunately, the book does not contain simple recipes for them. They will have to spend a bit of time doing their own research.