HTML Injection Attacks: Impact and Mitigation Strategies
Django and Python Introduction @ UGent
1. 24/03/2014 Kevin Van Wilder - Django & Python 1
Python
24-03-2014
Kevin Van Wilder
2. 24/03/2014 Kevin Van Wilder - Django & Python 2
Archeological finds suggest...
● 1991 Python 1.0
– Guido van Rossum
● 2000 Python 2.0
– Scripting in Operating Systems
– Recent years: Endorsed by Google
● 2005 Django
● 2008 Python 3.0
– Backwards Incompatible
● 2009 MIT switches to Python to teach Computer Science to students (6.001)
3. 24/03/2014 Kevin Van Wilder - Django & Python 3
Python is used for...
● Rapid Prototyping
● Web application development
● Scientific calculations
● XML Processing
● Database applications
● GUI applications
● Glue language for different systems
4. 24/03/2014 Kevin Van Wilder - Django & Python 4
What is Python?
● Easy to learn and master
– Clean and clear syntax
– Very few keywords
– High Level data types
– Compact
● Highly portable
– Runs everywhere
● Highly extensible
– Libraries may be written in python or C/C++
5. 24/03/2014 Kevin Van Wilder - Django & Python 5
What is Python?
● High Level Programming Language
● Interpreted Language
– Works “similar to Java” behind the scenes
● Source compiles to Bytecode (.pyc files)
● Bytecode is translated on a “virtual machine” as machine code.
– Different implementations of the interpreter:
● CPython (reference implementation)
● Jython (Java-based implementation)
● PyPy (JIT implementation)
● Read-Eval-Print Loop (REPL)
6. 24/03/2014 Kevin Van Wilder - Django & Python 6
Variables & Types
● No declaration
● Everything has an object type
● Integer division like in C
● High level data types
– Collections, Lists vs Tuples, Dicts
– Auto unpacking
>>> a = 1
>>> a
1
>>> type(a)
<type 'int'>
>>> a = "Hello"
>>> type(a)
<type 'str'>
>>> 5/2
2
>>> 5.0/2
2.5
>>> x, y = 2, 3
>>> x
2
>>> y
3
7. 24/03/2014 Kevin Van Wilder - Django & Python 7
Logic Flow
● For, while loops
● Generators
● Exception Handling
>>> for ch in "Hello":
...     print ch
...
H
e
l
l
o
>>> for i in range(3):
...     print i
...
0
1
2
>>>
>>> try:
...     connect_to_a_broken_server()
... except ConnectionError as e:
...     print "Stuff is broken!"
... finally:
...     print "End of the line"
...
Stuff is broken!
End of the line
>>>
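The slide lists generators but shows none, and its `try`/`except`/`finally` relies on a hypothetical server call. Below is an added example (mine, not from the slides) that covers both on Python 2.7 and 3: `connect_to_a_broken_server` is a stand-in that always fails, `guarded_call` reproduces the slide's handler and records the order in which the `except` and `finally` blocks run, and `countdown` is a generator that produces values lazily. The `ConnectionError` fallback is needed because Python 2 has no such builtin (it exists in Python 3.3 and later).

```python
from __future__ import print_function

# Added example (not from the slides): the "Logic Flow" slide in runnable
# form on Python 2.7 and 3. connect_to_a_broken_server is a stand-in that
# always fails, like the slide's hypothetical call.

try:
    ConnectionError                     # builtin since Python 3.3
except NameError:                       # Python 2 has no such builtin
    class ConnectionError(Exception):
        pass


def connect_to_a_broken_server():
    raise ConnectionError("server unreachable")


def guarded_call(func, log):
    """The slide's try/except/finally. Messages go into `log` so the order
    (handler first, finally last) can be checked; returns the call's value,
    or None when it raised ConnectionError."""
    try:
        return func()
    except ConnectionError as e:
        log.append("Stuff is broken! (%s)" % e)
        return None
    finally:
        log.append("End of the line")   # runs on success and on failure


def countdown(n):
    """Generator: produces n, n-1, ..., 1 one at a time on demand instead
    of building the whole list up front."""
    while n > 0:
        yield n
        n -= 1


def take(iterable, count):
    """Pull at most `count` items from any iterable, generators included."""
    result = []
    for item in iterable:
        if len(result) == count:
            break
        result.append(item)
    return result


def evens_below(limit):
    """Generators plug straight into for loops and comprehensions."""
    return [i for i in countdown(limit) if i % 2 == 0]


if __name__ == "__main__":
    log = []
    print(guarded_call(connect_to_a_broken_server, log), log)
    print(take(countdown(10**9), 3))    # cheap: only three values are produced
    print(evens_below(7))
```

`take(countdown(10**9), 3)` returns instantly because the generator only computes a value when the loop asks for the next one; the equivalent `range(10**9, 0, -1)` list on Python 2 would allocate a billion integers first.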
8. 24/03/2014 Kevin Van Wilder - Django & Python 8
Classes
● Class statement
● First class citizen
use as:
– Parameter
– Return value
– Variable assignment
>>> class Foo(object):
...     def __init__(self):
...         self.member = 1
...     def get_member(self):
...         return self.member
...
>>> Foo
<class '__main__.Foo'>
>>> f = Foo()
>>> f
<__main__.Foo object at 0x10a8b3e10>
>>> f.get_member()
1
>>>
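The three "first class citizen" uses on this slide in one module, as an added example that is not from the slides: `Foo` is the slide's class, while `Bar`, `Alias`, `build`, `REGISTRY` and `class_for` are constructed here. `class_for` shows the defensive way to turn a string into a class: look it up in an explicit table, so a name coming from configuration or user input can only select one of the listed classes and anything else raises `ValueError`.

```python
from __future__ import print_function

# Added example (not from the slides): classes as first-class citizens,
# used as a parameter, a return value and a variable. Foo is the slide's
# class; Bar, Alias, build and the registry are constructed for this example.


class Foo(object):
    def __init__(self, member=1):
        self.member = member

    def get_member(self):
        return self.member


class Bar(Foo):
    def get_member(self):
        return self.member * 2


# Variable assignment: a class is just an object bound to a name.
Alias = Foo


def build(cls, *args):
    """Class as parameter: the caller decides which class gets instantiated."""
    return cls(*args)


REGISTRY = {"foo": Foo, "bar": Bar}


def class_for(name):
    """Class as return value, looked up in an explicit table. Unknown names
    raise ValueError instead of resolving arbitrary attributes or names, so
    an untrusted string can only ever select one of the listed classes."""
    try:
        return REGISTRY[name]
    except KeyError:
        raise ValueError("unknown kind: %r" % (name,))


def member_of(kind, value):
    """Combines all three uses: look up the class, build it, call a method."""
    return build(class_for(kind), value).get_member()


if __name__ == "__main__":
    print(Alias is Foo, build(Foo).get_member(), build(Bar, 5).get_member())
    print(member_of("foo", 3), member_of("bar", 3))
```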
9. 24/03/2014 Kevin Van Wilder - Django & Python 9
The Language
● Object-Oriented
– Everything is internally an object, even integers and strings
– Supports imperative, functional and procedural development
● Minimalistic
– Indentation defines scoping
– No line delimiters
● Dynamically and Strongly Typed
● Packages, Modules
10. 24/03/2014 Kevin Van Wilder - Django & Python 10
Standard Library
● Very large set of modules with diverse functionality:
– All internet protocols, sockets, cgi, os services
– GUI, database, calendar, file operations
– Debugging, profiling
– Threading, synchronization
● http://docs.python.org/2/library/
11. 24/03/2014 Kevin Van Wilder - Django & Python 11
Third party libraries
● Awesome python libraries
– Requests
http://docs.python-requests.org
– Pillow
http://pillow.readthedocs.org
– Dateutil
https://pypi.python.org/pypi/python-dateutil
– DocOpt
https://pypi.python.org/pypi/docopt
● But also:
– And about 40.000+ more!
– Numerical analysis, sql databases, fortran, xml, win32, serial connections, qt,
tkinter, etc etc etc etc etc
12. 24/03/2014 Kevin Van Wilder - Django & Python 12
Python is...
● The syntax
● The standard library
● The external libraries
● The community
13. 24/03/2014 Kevin Van Wilder - Django & Python 13
Learning Resources
● “Learn Python The Hard Way” (not really) - http://learnpythonthehardway.org/
● “Crash Into Python” - http://www.learnpython.org/
● Read The Fine Manual - http://docs.python.org/