We can never rely on network firewall to be secure. We also must have a secure application. Besides test the functionality of the application, we must also test the security of the application. While the latter is frequently not performed hence the first is considered more important. In this 25 minute talk, I'll share my experience using python for application security testing: from SQL injection, brute force attack, identifying and cracking password hashes, to proxy-ing the network traffic: intercept and modify it; and also doing network forensic.