@tylernchls
Last active March 14, 2018 07:01
FlaskSec Cyber

Proposed application breakdown

Saturday 3/17/18

Intro to web application architecture (2 hours):
  • Whiteboard talk on full stack architecture
  • Explain interaction with browser and flow of data
  • Brief overview of dev tools, specifically networking
  • Demonstrate live network requests / inspecting requests
Install Fest (1 hour)
  • Install Visual Studio / walk through
  • Install postgres
Lunch (1 hour)
Project Setup (2 hours):
  • Install / setup python virtual environment
  • GitHub project setup
  • Flask (hello world) with simple routing
Templating (2 hours)
  • Explanation of templating using built-in Jinja2
  • Template fake user
  • Conditional rendering of index.html in template
  • Explain template inheritance
  • Implement inheritance with base template
  • Setup initial nav links
  • Refactor other templates to inherit from base template
Dinner (1 hour)
Web Forms (3 hours)
  • General talk about web forms
  • Introduce flask-wtf forms through official docs
  • Set up config file
  • Implement login form, update index.html
  • Show form.hidden_tag() via dev tools and explain how it protects against CSRF
  • Implement login route
  • Update base template to include login route in nav
  • Implement login view function to handle user received data
  • Update base template to handle flash messages on bad input
  • Update login template to handle in line flash messages when
  • Update base template and routes to use url_for() and explain why to use it.

Monday 3/19/18

Recap from last class(.75 hours)
  • Go over project structure briefly
  • Take any questions thus far
  • Continue from last class lecture if didn't complete anything
  • Fix any errors thus far overlapping from last class
Break(.25 hours)
Set up backend (2 hours)
  • Postgres command overview/review if needed
  • Set up local DB instance for application
  • Explain DB migrations
  • Define models
  • Initialize/run migrations
  • Migration verification
  • Add new user to db via python shell
  • Verify new user creation in db
DB Vulnerability testing(1 hour)
  • Optional, not sure what this is going to be yet
  • Test DB as it stands with sqldump

Tuesday 3/20/18

Recap from last class(.5 hours)
  • Go over project structure briefly
  • Take any questions thus far
  • Continue from last class lecture if didn't complete anything
  • Fix any errors thus far overlapping from last class
Break(.25 hours)
Testing for vulnerabilities(2-3 hours)
  • Test for vulnerabilities as it stands before adding in hashing and other validations with Flask
  • Need help figuring what this is going to include

Saturday 3/24/18

Recap from last class(.5 hours)
  • Go over project structure briefly
  • Take any questions thus far
  • Continue from last class lecture if didn't complete anything
  • Fix any errors thus far overlapping from last class
Implement Hashing on forms(2 hours)
  • Explain use of hashing & salts
  • Demo using Werkzeug hashing module via python shell
  • Update models to include Werkzeug module
  • Implement login manager via flask_login module
  • Update login view function with new logic
Lunch(1 hour)
Implement logout(1.5 hours)
  • Add logout route & associated view function
  • Update base template to include conditional logic to switch link when user is logged in
  • Restrict /index route with login_required
  • Update login view function to handle redirects after successful login
  • Update index template and index route to show current_user when logged in
Implement user registration(2 hours)
  • Add registration form
  • Add validation methods
  • Create registration template with associated flash error handling
  • Update login template to include link to registration route
  • Add register route and view function with corresponding DB logic
  • Test error handling of form, redirects, successful registration, verify new user in DB
Dinner(1 hour)
Styling(2 hours)
  • Create static directory
  • Link CSS with base template
  • Refactor of templates with classes for styling purposes
  • CSS refactor to make it look nice
  • Free time to customize their page

Monday 3/26/18

Recap from last class(1 hour)
  • Go over project structure briefly
  • Take any questions thus far
  • Continue from last class lecture if didn't complete anything
  • Fix any errors thus far overlapping from last class
  • Time to continue styling if needed
Break(.25 hours)
Vulnerability testing(2 hours)
  • Test application at current state for vulnerabilities / exploits
  • Need help with what this will include

Tuesday 3/27/18

Recap from last class(.5 hours)
  • Go over project structure briefly
  • Take any questions thus far
  • Continue from last class lecture if didn't complete anything
  • Fix any errors thus far overlapping from last class
Break(.25 hours)
Cloud infrastructure / security(3 hours)
  • Lecture on cloud infrastructure/security
  • AWS account setups
  • Pre application deployment prep
  • Will need to refactor code to work with AWS RDS instance

Saturday 3/31/18

Recap from last class(.5 hours)
  • Go over project structure briefly
  • Take any questions thus far
  • Continue from last class lecture if didn't complete anything
  • Fix any errors thus far overlapping from last class
AWS Deployment(? hours)
  • Code refactor to work with AWS RDS
  • EC2 setup
  • Deployment
  • Post deployment vulnerability testing
  • ???????????????