Courses Solutions Case Studies & Testimonials News & Insights About Us Contact Us
Public Sector Graduate Training Schemes Learning & Development Corporate & Volume Pricing Custom Learning Paths

Public Sector

We've had the pleasure of working with UK and overseas central and local government departments, including Healthcare (NHS and Foundation Trusts), Defence, Education (Universities and colleges), many of the main Civil Service departments, Emergency Services; also public-owned corporations including the BBC, Bank of England, Ordnance Survey, and regulatory bodies such as Ofgem.

We are registered on Crown Commercial Service’s (CCS) Dynamic Purchasing System (RM6219 Training and Learning) and also with numerous tender portals such as Ariba, Coupa and Delta E-Sourcing.

Read more...

Graduate Training Schemes

Framework Training has a strong track record of providing a solid introduction into the working world for technical graduates across myriad industries. We provide the opportunity to learn and gain valuable hands-on experience in a supportive, friendly and sociable training environment.

Attract & retain the brightest new starters

We know it is vital for our clients to invest in the future of their talented grads; not only to provide them with high-quality, professional training essential for their roles, but to embed them within the organisation’s culture and guide them on the right path to a successful career.

After all, your new hires could well be the next leaders and their creative ideas and unique insights are invaluable to your business.

Read more ...

Learning & Development

Our unique portfolio of high-quality technical courses and training programmes are industry-respected. They’re carefully designed so that delegates can seamlessly apply what they’ve learnt back in the workplace. Our team of domain experts, trainers, and support teams know our field — and all things tech — inside out, and we work hard to keep ourselves up to speed with the latest innovations. 

We’re proud to develop and deliver innovative learning solutions that actually work and make a tangible difference to your people and your business, driving through positive lasting change. Our training courses and programmes are human-centred. Everything we do is underpinned by our commitment to continuous improvement and learning and generally making things much better.

Read more...

Corporate & Volume Pricing

Whether you are looking to book multiple places on public scheduled courses (attended remotely or in our training centres in London) or planning private courses for a team within your organisation, we will be happy to discuss preferential pricing which maximise your staff education budget.

Enquire today about:

  • Training programme pricing models  

  • Multi-course voucher schemes

Read more...

Custom Learning Paths

We understand that your team training needs don't always fit into a "one size fits all" mould, and we're very happy to explore ways in which we can tailor a bespoke learning path to fit your learning needs.

Find out about how we can customise everything from short overviews, intensive workshops, and wider training programmes that give you coverage of the most relevant topics based on what your staff need to excel in their roles.

Read more...

Python Web Security: Developing Secure Flask Applications

Secure your Python web apps: Flask security and the OWASP Top Ten.

About the course

Flask is a widely-used, lightweight Python web framework, known for its simplicity and flexibility in building web applications and APIs. As Flask applications become more prevalent, ensuring their security is paramount to protect sensitive data and prevent breaches. Developers must be equipped with the knowledge and practical skills to identify common web vulnerabilities and understand how to defend against them specifically within the Flask ecosystem. This 2-day intensive hands-on training course is designed for Python developers who want to master secure coding practices for Flask applications and understand how to prevent common web security risks, drawing heavily on the principles of the OWASP Top 10.

The course is structured to provide participants with a comprehensive understanding of Flask security challenges and the practical techniques needed to implement effective countermeasures. It begins by introducing key security vulnerabilities relevant to Flask applications, such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF), explaining how they manifest and how to mitigate them using Flask-specific approaches and Python best practices. The training then delves into more advanced security issues, including the risks and safe handling of Insecure File Uploads, preventing Server-Side Template Injection (SSTI) by understanding how user input can exploit template engines, and mitigating Command Injection risks by using secure subprocess handling methods.

Furthermore, the course covers implementing secure Authentication and Session Management using Flask extensions like Flask-Login or Flask-Security, understanding the risks of Insecure Deserialization and how to handle data safely, and implementing Logging Security Best Practices to prevent log injection and information leaks in Flask applications. Participants will also learn about integrating security practices throughout the Secure Development Lifecycle (SDLC) and gain an introduction to Penetration Testing and Security Scanning tools and techniques relevant to Flask applications. A significant emphasis is placed on practical application, with extensive hands-on labs throughout the three days where participants will explore vulnerable Flask apps, practice exploiting vulnerabilities in a safe environment, implement fixes, and apply secure coding techniques directly in Flask code. The course concludes with a review session to consolidate learning and discuss integrating security into the daily Flask development process.

Instructor-led online and in-house face-to-face options are available - as part of a wider customised training programme, or as a standalone workshop, on-site at your offices or at one of many flexible meeting spaces in the UK and around the World.

    • Understand the key security challenges and risks in Flask web applications, including their relevance to the OWASP Top 10.
    • Identify and implement effective mitigation techniques for common Injection vulnerabilities in Flask, including SQL Injection and Command Injection.
    • Identify and implement effective mitigation techniques for client-side vulnerabilities like Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in Flask.
    • Understand the risks and implement secure handling for file-related vulnerabilities like Insecure File Uploads and templating risks like Server-Side Template Injection (SSTI) in Flask.
    • Implement secure Authentication and Session Management mechanisms in Flask applications.
    • Understand and prevent Insecure Deserialization and apply secure data handling practices in Flask.
    • Implement Logging Security Best Practices in Flask applications.
    • Understand how to integrate security practices throughout the Secure Development Lifecycle (SDLC) for Flask projects.
    • Gain an introduction to Penetration Testing and Security Scanning tools and techniques for identifying vulnerabilities in Flask applications.
    • Apply learned security concepts through extensive hands-on labs using vulnerable Flask applications.

  • This 3-day intensive hands-on training course is designed for Python software developers building applications using the Flask web framework. It is ideal for:

    • Python Developers who want to write secure Flask applications and understand web security vulnerabilities.

    • Flask Developers looking to deepen their knowledge of secure coding practices specific to the framework.

    • Python or Flask Architects and Technical Leads responsible for designing secure Flask application architectures.

    • Developers involved in building or maintaining web applications or APIs using Flask.

    • Security professionals who need to understand application security specifically within the Python/Flask ecosystem.

  • Participants should have:

    • Experience developing applications using the Python programming language.

    • Familiarity with the Flask web framework is essential, as the course focuses specifically on Flask security.

    • A basic understanding of web technologies (HTTP, browsers, client-server concepts).

    We can customise the training to match your team's experience and needs - with more time and coverage of fundamentals for newer developers, for instance.

  • This Python and Flask security course is available for private / custom delivery for your team - as an in-house face-to-face workshop at your location of choice, or as online instructor-led training via MS Teams (or your own preferred platform).

    Get in touch to find out how we can deliver tailored training which focuses on your project requirements and learning goals.

  • Introduction to Flask Security and OWASP Top 10

    • Overview of Flask web development.

    • Introduction to the OWASP Web App Security Top 10 and its relevance to Flask.

    • Discussion of key Flask security challenges (SQL Injection, XSS, CSRF).

    SQL Injection in Flask

    • What SQL Injection is and how it works specifically in Flask applications.

    • Best practices for mitigating SQL Injection.

    • Lab 1: Detecting and Fixing SQL Injection.

      • Explore a vulnerable Flask app and perform SQL Injection.

      • Implement fixes using parameterised queries with SQLite.

    Cross-Site Scripting (XSS) in Flask

    • Explanation of XSS and its impact on Flask apps.

    • How Flask apps are vulnerable to XSS.

    • Preventing XSS using input sanitisation and output encoding.  

    • Lab 2: Detecting and Fixing XSS Vulnerabilities.

      • Demonstrate XSS vulnerability in a Flask route.

      • Implement a fix using escape() and Flask extensions like Flask-WTF.

    Cross-Site Request Forgery (CSRF) in Flask

    • Understanding CSRF and its risks.

    • How to prevent CSRF attacks in Flask.

    • Lab 3: Fixing CSRF Vulnerabilities.

      • Work through a vulnerable Flask form.

      • Implement CSRF protection using Flask-WTF.

    Insecure File Uploads in Flask

    • Common risks associated with file uploads.

    • How to safely handle file uploads in Flask.

    • Lab 4: Securing File Uploads.

      • Implement file upload validation (e.g., file extension checks) and secure storage.

    Server-Side Template Injection (SSTI) in Flask

    • Explanation of SSTI and its impact on Flask applications.

    • How user input can exploit template engines.

    • Lab 5: Preventing SSTI.

      • Demonstrate SSTI vulnerability.

      • Use Flask's escape() function to secure templates.

    Command Injection in Flask

    • Risks of passing untrusted data to system commands.

    • Using safe subprocess handling methods to mitigate command injection.  

    • Lab 6: Detecting and Fixing Command Injection.

      • Explore a vulnerable command injection in a Flask route.

      • Implement a secure subprocess call with arguments.

    Secure Authentication and Session Management in Flask

    • Overview of secure user authentication mechanisms suitable for web applications.

    • Using secure session management (cookies, token-based authentication) in Flask.

    • Lab 7: Securing Authentication and Sessions.

      • Implement secure login and session management using Flask-Login or Flask-Security.

    Secure Development Lifecycle (SDLC) in Flask Projects

    • The importance of integrating security throughout the entire development lifecycle.

    • Integrating security practices into your workflow, such as code reviews and CI/CD pipelines, specifically for Flask projects.

    • Lab 8: Secure Flask App Review.

      • Participants will review a Flask application and identify areas for security improvement.

    Insecure Deserialization and Secure Data Handling in Flask

    • Introduction to the risks of insecure deserialization vulnerabilities.

    • Safely handling data and preventing insecure deserialization by replacing vulnerable serialization formats (like pickle) with safer alternatives (like JSON) in Flask applications.

    • Lab 9: Preventing Insecure Deserialization.

      • Detect insecure deserialization vulnerabilities and implement fixes.

    Logging Security Best Practices in Flask

    • The risks of improper logging, including log injection and unintentional information leaks.

    • Best practices for implementing secure logging in Flask applications, including sanitizing user inputs before logging.

    • Lab 10: Secure Logging Implementation. * Implement secure logging with sanitized user inputs, preventing log injection.

    Penetration Testing and Security Scanning for Flask Apps

    • Introduction to security testing tools and techniques.

    • Conducting basic security scans to identify common vulnerabilities in Flask applications.

    • Lab 11: Penetration Testing.

      • Participants will scan a vulnerable Flask app and identify potential vulnerabilities using basic tools.

    Wrap-up Session: Final Security Review and Q&A

    • Review of the key concepts learned throughout the course.

    • Addressing any remaining questions.

    • Discussing integrating security into the Flask development process.

Trusted by

CAPITA company logo OVO Energy company logo

Public Courses Dates and Rates

Please get in touch for pricing and availability.

Related courses