BishoySedra / Cyberus-Summer-Training

All associated materials and tasks for the training

Cyberus-Summer-Training

Session 1: Python Basics and Intro to Flask

Python Basics:

  • Variables and Data Types (integers, floats, strings, booleans)
  • Basic Operators (arithmetic, comparison, logical)
  • Conditional Statements (if, elif, else)
  • Loops (for and while)
  • Functions and Modules
  • Lists, Dictionaries, and Sets
  • Exception Handling (try, except)

Introduction to Flask:

  • What is Flask?
  • Setting up a Flask Environment (virtual environment recommended)
  • Creating a Simple Flask Application
  • Routing and Views
  • Templates and Jinja2
  • Request and Response Handling
  • Running a Flask Application

Session 2: Authentication Using Flask and Security Concerns

Authentication Using Flask:

  • User Authentication Concepts
  • Implementing User Authentication in Flask
  • Session Management

Security Concerns:

  • SQL Injection Attacks
  • Brute-Force Attacks

Session 3: File Upload Restrictions and Cookie Security

File Upload Restrictions:

  • Securing File Uploads in Web Applications
  • Implementing File Upload Restrictions

Cookie Security:

  • Introduction to Cookies
  • Cookie Attributes (Secure, HttpOnly, SameSite, etc.)
  • Cookie Attribute Attacks

Session 4: SSTI Attacks and XSS Attacks

SSTI Attacks:

  • Understanding Server-Side Template Injection (SSTI)
  • Prevention Strategies for SSTI Attacks
  • Input Validation and Sanitization
  • Content Security Policy (CSP)
  • Output Encoding
  • Security Headers
  • Session Management
  • Regular Security Audits

XSS Attacks:

  • Cross-Site Scripting (XSS) Vulnerabilities
  • Prevention Strategies for XSS Attacks
  • Input Validation and Sanitization

Session 5: IDOR and Price Manipulation Attacks

IDOR (Insecure Direct Object Reference) Attacks:

  • Understanding Insecure Direct Object Reference (IDOR) Vulnerabilities
  • Prevention Strategies for IDOR Attacks
  • Proper Access Control
  • Session Management
  • Regular Security Audits

Price Manipulation Attacks:

  • Detecting and Preventing Price Manipulation Attacks
  • Input Validation and Sanitization
  • Proper Authorization and Authentication
  • Session Management
  • Regular Security Audits