Having to teach 70 or so students how to break into websites involves building infrastructure to host a lot of websites which are designed to be hacked, poked, prodded and brute-forced. Hear us talk about how we were able to keep up thanks to Python + friends!
We helped run a course at UNSW on web application security and testing, and in doing so had to build a lot of websites very quickly. That required us to generalise as much as we could, so we could pop out multiple websites a week while keeping up with all the things students did to break our sites... but not in the way we wanted. We built up an open source infrastructure that leveraged the ability of Flask to get a site up and running in no time and the magic of Docker to help deploy these websites and restart them when something inevitably went wrong.
In addition, we came across a fun series of issues when our own infrastructure was too secure for us to demonstrate the bugs we wished to, and learnt a lot about how various bits of the web work with Python.
We want to share some of the lessons we learnt about Python, web development and how to use Python at scale.
Watch 'Using Python, Flask and Docker To Teach Web Pentesting' on PyCon AU's YouTube account
Zain Afzal
Long-time lover of Python and security, recent lover of hot cross buns.
Carey Li