Advanced Information Security Automation with Python
This course is designed as the logical progression point for students who have completed Automating Information Security with Python, or for those who are already familiar with basic Python programming concepts. This course jumps immediately into advanced concepts. It looks at coding techniques used by popular open-source information security packages and how to apply them to our own Python cybersecurity projects.
Course Key Learnings:
- New pyWars features, virtual environments, and VSCode
- How to use unit testing to evaluate code in development
- Python object-oriented coding
- Decorators
- Iterators
- Context managers
- Data descriptors
- Object attribute security and attacks
- Multi-threading
- Multi-processing
- How to understand and mitigate object serialization attacks
- The right way to do application logging
- Command line tool automation with PEXPECT
- Interpreter and object model attacks
Course Content:
Module1: : Python Package Essentials
Overview
The first course section jumps straight into pyWars. You’ll learn how developers use unit tests to evaluate their programs during the development process and prevent small changes in core function from having cascading affects in your applications. We’ll deep dive into the Python package structure, and you’ll learn how setup.py can be used to build a deployable package and how to handle common structural errors such as circular references.
Topics
- Virtual Environment
- Using an IDE
- Unit Testing
- Building Packages
- PIP Installable Package
- Understanding Package Imports
- Absolute vs. Relative Imports
- Circular References
Module2: Python Objects
Overview
This course section will teach you to develop custom Python objects and data structures to support the needs of modern cybersecurity projects. We will build a model cybersecurity project called the Security Professionals Friend 100 (SPF100) that incorporates features found in popular cybersecurity packages such as Scapy and Volatility. You’ll see how the right data structure can make your applications much easier to use and speed the development process.
Topics
- Argument Packing
- Objects
- Inheritance Super
- Inheriting and Extending Built-in Objects
- The Magic Dunders
- Slicing
Module3: : Python Objects (continued)
Overview
In this section we continue adding new features to SPF100 that make Python objects more versatile. You’ll learn how to customize the behavior of objects when accessing their attributes, and how to resolve attribute naming conflicts by using name mangling. We will discuss attribute privacy, the security pitfalls associated with any developer trying to protect object attributes, and how to exploit them. This section will provide you with a firm understanding of how to perform error handling in your projects. We’ll complete the session by adding custom iterators to our project that can process network packets in interesting ways.
Topics
- Attribute Access
- Executable Attributes
- Name Mangling
- Attribute Privacy
- Object Comparison Operations
- Advanced Exception Handling
- Object Iteration
- Object Instantiation
Module4: Advanced Concepts
Overview
Knowing how to code is only part of the battle. When it comes to solving real-world cybersecurity problems, a bit more is required. Show us an information security professional who doesn’t hate working with timestamps and time zones and we’ll show you an information security professional who has never had to deal with timestamps and time zones. In this course section you will learn how to properly process and handle timestamps and solve problems that require knowledge of multiple time zones. You will learn how and when to use multi-processing and multi-threading to spread out the load and handle large amounts of data. We will continue to build on SPF100 and leverage Python features such as context managers in order to make the package as user-friendly as it is in other popular cybersecurity projects.
Topics
- Dataclasses and NamedTuples
- Timestamps and Time Zones
- Concurrency
- Multi-threading
- Multi-processing
- Serialization Attack and Mitigation
- Context Managers
Module5: Advanced Concepts (continued)
Overview
This course section will examine some of the most common struggles developers face when designing cyber tools. We will discuss how to automate command line tools that require interaction. This goes far beyond just running the program and capturing the output. We will talk about the ability to fully automate and interact with any command line. Next, we will add the ability to generate logs. You’ll learn how to control the logs for other modules and configure applications so that you are alerted when critical events take place. We’ll show you how you can use decorators to quickly add functionality to existing code with minimal changes to those programs. You will learn how to develop your own powerful decorators to improve any code base. We’ll wrap up our discussion with a look at more security vulnerabilities that affect the Python interpreter and commonly used functions.
Topics
- CLI Tool Automation
- Logging
- Decorators
- Python Attacks
Module6:: Capture-the-Flag Challenge
Overview
In this capstone event, you will apply the skills you have mastered and the code you have developed throughout the course in a series of programming challenges. You will exploit vulnerable systems, built custom objects, decorators, and most of the other skills you have learned over the week.
Course Prerequisites:
This course teaches advanced Python coding skills but there will be an assumption that you understand all of the skills . Those skills include using built-in data types, for loops, while loops, writing functions, developing a single file module, Bytes, UTF-8, File IO, regular expressions, Scapy, and basic exception handling.
International Student Fee: 950 US$
Job Interview Preparation (Soft Skills Questions & Answers)
- Tough Open-Ended Job Interview Questions
- What to Wear for Best Job Interview Attire
- Job Interview Question- What are You Passionate About?
- How to Prepare for a Job Promotion Interview
Your FREE eLEARNING Courses (Click Here)
Internships, Freelance and Full-Time Work opportunities
- Join Internships and Referral Program (click for details)
- Work as Freelancer or Full-Time Employee (click for details)
Flexible Class Options
- Week End Classes For Professionals SAT | SUN
- Corporate Group Trainings Available
- Online Classes – Live Virtual Class (L.V.C), Online Training
Related Course
Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
Advanced Open-Source Intelligence (OSINT) Gathering and Analysis
Applied Data Science and AI/Machine Learning for Cybersecurity Professionals