DSW-Unit 6-Security
Summary
OAuth, web app vulnerabilities, sanitizing inputs, CAPTCHAs
Topics
- Web App Vulnerabilities
- Spam prevention
- Denial of Service
- Code injection
- Sanitizing Inputs via Python itsdangerous
- CAPTCHAs using Flask-WTF
- Authentication and Authorization
- OAuth
- Role-based security
Learning Objectives
- The student will be able to explain some vulnerabilities of web apps that allow users to update state but are not secured
- The student will be able to explain what a Denial of Service attack is
- The student will be able to explain what a Code Injection attack is
- The student will be able to explain how web apps are vulnerable to spam if not secured
- The student will be able to write Python code that sanitizes user inputs when appropriate
- The student will be able to identify the circumstances where sanitizing inputs is necessary, and why
- The student will be able to write Python code to add a CAPTCHA to a web application using Flask-WTF
- The student will be able to explain the difference between authentication and authorization
- The student will be able to identify whether a given scenario involves authentication, authorization, neither, or both, and explain their answer
- The student will be able to give an example of a web application where role-based security is appropriate
- The student will be able to write Python code to add role-based security to a simple Flask web application