Python for Security Analysts & Professionals

Session 1: An Overview of Python

• What is python?
• 1 -- An overview of Python
• What is python?
• Python Timeline
• Advantages/Disadvantages of Python
• Getting help with pydoc

Session 2: The Python Environment

• Starting Python
• Using the interpreter
• Running a Python script
• Python scripts on Unix/Windows
• Editors and IDEs

Session 3: Getting Started

• Using variables
• Builtin functions
• Strings
• Numbers
• Converting among types
• Writing to the screen
• Command line parameters

Session 4: Flow Control

• About flow control
• White space
• Conditional expressions
• Relational and Boolean operators
• While loops
• Alternate loop exits

Session 5: Sequences

• About sequences
• Lists and list methods
• Tuples
• Indexing and slicing
• Iterating through a sequence
• Sequence functions, keywords, and operators
• List comprehensions
• Generator Expressions
• Nested sequences

Session 6: Working with files

• File overview
• Opening a text file
• Reading a text file
• Writing to a text file
• Reading and writing raw (binary) data
• Converting binary data with struct

Session 7: Dictionaries and Sets

• About dictionaries
• Creating dictionaries
• Iterating through a dictionary
• About sets
• Creating sets
• Working with sets

Session 8: Functions

• Defining functions
• Parameters
• Global and local scope
• Nested functions
• Returning values

Session 9: Sorting

• The sorted() function
• Alternate keys
• Lambda functions
• Sorting collections

Session 10: Errors and Exception Handling

• Syntax errors
• Exceptions
• Using try/catch/else/finally
• Handling multiple exceptions
• Ignoring exceptions

Session 11: Modules and Packages

• The import statement
• Module search path
• Creating modules and Using packages
• Function and Module aliases

Session 12: Classes

• About o-o programming
• Defining classes
• Constructors
• Methods
• Instance data
• Properties
• Class methods and data

Session 13: Regular Expressions

• RE syntax overview
• RE Objects
• Searching and matching
• Compilation flags
• Groups and special groups
• Replacing text
• Splitting strings

Session 14: The standard library

• The sys module
• Launching external programs
• The string module
• Reading CSV data

Session 15: Dates and times

• Working with dates and times
• Translating timestamps
• Parsing dates from text

Session 16: Working with the file system

• Paths, directories, and filenames
• Checking for existence
• Permissions and other file attributes
• Walking directory trees
• Creating filters with fileinput
• Security and File Access

Session 17: Network services

• Grabbing web content
• Detecting Malformed Input

Session 18: Writing secure Python applications

• Parsing command-line options
• Getting help with pydoc
• Safely handling untrusted data
• Managing eval() permissions
• Potential insecure packages
• Embedding code snippets in Python
• Embedding authentication data in Python
• Potentially dangerous operations:
  • File access
  • Operating system access
  • Calls to external services
  • Called to external data sources
  • Static analysis tools such as Bandit

Session 19: Log File Analysis

• Raw log file manipulation
• Fail2Ban
• Customizing Fail2Ban with Python

Session 20: Security Filters

• SQL-Injection Detection
• ModSecurity CRS filtering

Session 21: Packet Analysis

• Packet Sniffing in Python

Session 22: Analytics

• Security Logging and Analytics
• Attack Detection and Defense
• Python and Spark High-Level Overview

OPTIONAL / Time Permitting

Session 23: RESTful Web Services

• What is Flask?
• Developing a Flask Web service
• Mapping resources using URLs
• Mapping resources using HTTP
• Negotiating data content