Dozent gesucht für Auftrag - Python
Wir suchen Dozenten für diesen und andere Aufträge. Für Auftrag bewerben.
Thema:
1. Python
Auftrag Info:
DAY 1
Cyber security basics
What is security?
Threat and risk
Cyber security threat types
Consequences of insecure software
Constraints and the market
The dark side
Input validation
Input validation principles
Blacklists and whitelists
Data validation techniques
Lab – Input validation
What to validate – the attack surface
Where to validate – defense in depth
How to validate – validation vs transformations
Output sanitization
Encoding challenges
Lab – Encoding challenges
Validation with regex
Regular expression denial of service (ReDoS)
Lab – Regular expression denial of service (ReDoS)
Dealing with ReDoS
Injection
Injection principles
Injection attacks
SQL injection
SQL injection basics
Lab – SQL injection
Attack techniques
Content-based blind SQL injection
Time-based blind SQL injection
SQL injection best practices
Input validation
Parameterized queries
Additional considerations
Lab – SQL injection best practices
Case study – Hacking Fortnite accounts
Code injection
Code injection via input()
OS command injection
Lab – Command injection
OS command injection best practices
Avoiding command injection with the right APIs
Lab – Command injection best practices
Case study – Shellshock
Lab – Shellshock
Case study – Command injection via ping
Python module hijacking
Lab – Module hijacking
General protection best practices
DAY 2
Input validation
Integer handling problems
Representing signed numbers
Integer visualization
Integers in Python
Integer overflow
Integer overflow with ctypes and numpy
Lab – Integer problems in Python
Other numeric problems
Division by zero
Other numeric problems in Python
Working with floating-point numbers
Files and streams
Path traversal
Path traversal-related examples
Lab – Path traversal
Additional challenges in Windows
Virtual resources
Path traversal best practices
Format string issues
Unsafe native code
Native code dependence
Lab – Unsafe native code
Best practices for dealing with native code
Security features
Authentication
Authentication basics
Multi-factor authentication
Authentication weaknesses – spoofing
Case study – PayPal 2FA bypass
Password management
Inbound password management
Storing account passwords
Password in transit
Lab – Is just hashing passwords enough?
Dictionary attacks and brute forcing
Salting
Adaptive hash functions for password storage
Password policy
NIST authenticator requirements for memorized secrets
Password length
Password hardening
Using passphrases
Password change
Forgotten passwords
Lab – Password reset weakness
Case study – The Ashley Madison data breach
The dictionary attack
The ultimate crack
Exploitation and the lessons learned
Password database migration
Outbound password management
Hard coded passwords
Best practices
Lab – Hardcoded password
Protecting sensitive information in memory
Challenges in protecting memory
Information exposure
Exposure through extracted data and aggregation
Case study – Strava data exposure
System information leakage
Leaking system information
Information exposure best practices
Python platform security
The Python ecosystem and its attack surface
Python bytecode and security
Security features offered by the Python runtime
PEP 578 and audit hooks
Sandboxing Python
Using vulnerable components
Assessing the environment
Hardening
Malicious packages in Python
Vulnerability management
Patch management
Bug bounty programs
Vulnerability databases
Vulnerability rating – CVSS
DevOps, the build process and CI / CD
Dependency checking in Python
Lab – Detecting vulnerable components
DAY 3
Cryptography for developers
Cryptography basics
Cryptography in Python
Elementary algorithms
Random number generation
Pseudo random number generators (PRNGs)
Cryptographically strong PRNGs
Using virtual random streams
Weak and strong PRNGs
Using random numbers in Python
Case study – Equifax credit account freeze
Lab – Using random numbers in Python
Hashing
Hashing basics
Common hashing mistakes
Hashing in Python
Lab – Hashing in Python
Confidentiality protection
Symmetric encryption
Block ciphers
Modes of operation
Modes of operation and IV – best practices
Symmetric encryption in Python
Lab – Symmetric encryption in Python
Asymmetric encryption
The RSA algorithm
Using RSA – best practices
RSA in Python
Elliptic Curve Cryptography
The ECC algorithm
Using ECC – best practices
ECC in Python
Combining symmetric and asymmetric algorithms
Key exchange
Diffie-Hellman key agreement algorithm
Key exchange pitfalls and best practices
Integrity protection
Authenticity and non-repudiation
Message Authentication Code (MAC)
MAC in Python
Lab – Calculating MAC in Python
Digital signature
Digital signature with RSA
Digital signature with ECC
Digital signature in Python
Public Key Infrastructure (PKI)
Some further key management challenges
Certificates
Chain of trust
PGP – Web of Trust
Certificate management – best practices
Common software security weaknesses
Time and state
Race conditions
File race condition
Time of check to time of usage – TOCTTOU
Insecure temporary file
Avoiding race conditions in Python
Thread safety and the Global Interpreter Lock (GIL)
Case study: TOCTTOU in Calamares
Errors
Error and exception handling principles
Error handling
Returning a misleading status code
Information exposure through error reporting
Exception handling
In the except,catch block. And now what?
Empty catch block
The danger of assert statements
Lab – Exception handling mess
Code quality
Language elements
Using dangerous language elements
Using obsolete language elements
Portability flaw
Module injection and monkey patching
Dangers of compile(), exec() and eval()
Sandboxing Python
Denial of service
Denial of Service
Resource exhaustion
Cash overflow
Flooding
Algorithm complexity issues
Wrap up
Secure coding principles
Principles of robust programming by Matt Bishop
Secure design principles of Saltzer and Schröder
And now what?
Software security sources and further reading
Python resources
Cyber security basics
What is security?
Threat and risk
Cyber security threat types
Consequences of insecure software
Constraints and the market
The dark side
Input validation
Input validation principles
Blacklists and whitelists
Data validation techniques
Lab – Input validation
What to validate – the attack surface
Where to validate – defense in depth
How to validate – validation vs transformations
Output sanitization
Encoding challenges
Lab – Encoding challenges
Validation with regex
Regular expression denial of service (ReDoS)
Lab – Regular expression denial of service (ReDoS)
Dealing with ReDoS
Injection
Injection principles
Injection attacks
SQL injection
SQL injection basics
Lab – SQL injection
Attack techniques
Content-based blind SQL injection
Time-based blind SQL injection
SQL injection best practices
Input validation
Parameterized queries
Additional considerations
Lab – SQL injection best practices
Case study – Hacking Fortnite accounts
Code injection
Code injection via input()
OS command injection
Lab – Command injection
OS command injection best practices
Avoiding command injection with the right APIs
Lab – Command injection best practices
Case study – Shellshock
Lab – Shellshock
Case study – Command injection via ping
Python module hijacking
Lab – Module hijacking
General protection best practices
DAY 2
Input validation
Integer handling problems
Representing signed numbers
Integer visualization
Integers in Python
Integer overflow
Integer overflow with ctypes and numpy
Lab – Integer problems in Python
Other numeric problems
Division by zero
Other numeric problems in Python
Working with floating-point numbers
Files and streams
Path traversal
Path traversal-related examples
Lab – Path traversal
Additional challenges in Windows
Virtual resources
Path traversal best practices
Format string issues
Unsafe native code
Native code dependence
Lab – Unsafe native code
Best practices for dealing with native code
Security features
Authentication
Authentication basics
Multi-factor authentication
Authentication weaknesses – spoofing
Case study – PayPal 2FA bypass
Password management
Inbound password management
Storing account passwords
Password in transit
Lab – Is just hashing passwords enough?
Dictionary attacks and brute forcing
Salting
Adaptive hash functions for password storage
Password policy
NIST authenticator requirements for memorized secrets
Password length
Password hardening
Using passphrases
Password change
Forgotten passwords
Lab – Password reset weakness
Case study – The Ashley Madison data breach
The dictionary attack
The ultimate crack
Exploitation and the lessons learned
Password database migration
Outbound password management
Hard coded passwords
Best practices
Lab – Hardcoded password
Protecting sensitive information in memory
Challenges in protecting memory
Information exposure
Exposure through extracted data and aggregation
Case study – Strava data exposure
System information leakage
Leaking system information
Information exposure best practices
Python platform security
The Python ecosystem and its attack surface
Python bytecode and security
Security features offered by the Python runtime
PEP 578 and audit hooks
Sandboxing Python
Using vulnerable components
Assessing the environment
Hardening
Malicious packages in Python
Vulnerability management
Patch management
Bug bounty programs
Vulnerability databases
Vulnerability rating – CVSS
DevOps, the build process and CI / CD
Dependency checking in Python
Lab – Detecting vulnerable components
DAY 3
Cryptography for developers
Cryptography basics
Cryptography in Python
Elementary algorithms
Random number generation
Pseudo random number generators (PRNGs)
Cryptographically strong PRNGs
Using virtual random streams
Weak and strong PRNGs
Using random numbers in Python
Case study – Equifax credit account freeze
Lab – Using random numbers in Python
Hashing
Hashing basics
Common hashing mistakes
Hashing in Python
Lab – Hashing in Python
Confidentiality protection
Symmetric encryption
Block ciphers
Modes of operation
Modes of operation and IV – best practices
Symmetric encryption in Python
Lab – Symmetric encryption in Python
Asymmetric encryption
The RSA algorithm
Using RSA – best practices
RSA in Python
Elliptic Curve Cryptography
The ECC algorithm
Using ECC – best practices
ECC in Python
Combining symmetric and asymmetric algorithms
Key exchange
Diffie-Hellman key agreement algorithm
Key exchange pitfalls and best practices
Integrity protection
Authenticity and non-repudiation
Message Authentication Code (MAC)
MAC in Python
Lab – Calculating MAC in Python
Digital signature
Digital signature with RSA
Digital signature with ECC
Digital signature in Python
Public Key Infrastructure (PKI)
Some further key management challenges
Certificates
Chain of trust
PGP – Web of Trust
Certificate management – best practices
Common software security weaknesses
Time and state
Race conditions
File race condition
Time of check to time of usage – TOCTTOU
Insecure temporary file
Avoiding race conditions in Python
Thread safety and the Global Interpreter Lock (GIL)
Case study: TOCTTOU in Calamares
Errors
Error and exception handling principles
Error handling
Returning a misleading status code
Information exposure through error reporting
Exception handling
In the except,catch block. And now what?
Empty catch block
The danger of assert statements
Lab – Exception handling mess
Code quality
Language elements
Using dangerous language elements
Using obsolete language elements
Portability flaw
Module injection and monkey patching
Dangers of compile(), exec() and eval()
Sandboxing Python
Denial of service
Denial of Service
Resource exhaustion
Cash overflow
Flooding
Algorithm complexity issues
Wrap up
Secure coding principles
Principles of robust programming by Matt Bishop
Secure design principles of Saltzer and Schröder
And now what?
Software security sources and further reading
Python resources
Seminarart: Einzelunterricht
geplanter Zeitraum: vom 11.03.2026 bis 12.03.2026
Termindetails: von 09.00 - 17.00 Uhr.
Honorar: 300,00-500,00 € pro Tag
Onlineseminar - Adresse mit Auftraggeber klären
Auftrag 154501 vom 04.03.2026.