Why read a book when you can get a comprehensive abstract from SacaNotes?
This application is built using top-notch web and Python development practices. It's not susceptible to any kind of attack... AT ALL. This app doesn't sanitize query string parameters and uses them to access the file system, because who wouldn't.
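The unsanitized-parameter pattern mentioned above, next to a contained version, as an added example that is not SacaNotes code. The `book` parameter, the `notes` directory and both function names are assumptions, since the README does not show the app's routes.

```python
import tempfile
from pathlib import Path
from urllib.parse import parse_qs


def resolve_unsafe(base: Path, query: str) -> Path:
    """The pattern the README describes: query value joined straight onto a path."""
    name = parse_qs(query)["book"][0]  # hypothetical parameter name
    return base / name  # ".." segments or an absolute value leave base


def resolve_safe(base: Path, query: str) -> Path:
    """Resolve the requested note and refuse anything outside base."""
    values = parse_qs(query).get("book", [])
    if len(values) != 1 or "\x00" in values[0]:
        raise ValueError("expected exactly one usable book parameter")
    root = base.resolve()
    # resolve() collapses ".." and follows symlinks before the containment check
    candidate = (root / values[0]).resolve()
    if root not in candidate.parents or not candidate.is_file():
        raise ValueError("not a file inside the notes directory")
    return candidate


def demo() -> dict:
    """Run both resolvers over constructed sample queries in a temp directory."""
    queries = ("book=dune.txt", "book=..%2Foutside.txt", "book=/etc/hostname")
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "notes"  # assumed notes directory
        base.mkdir()
        (base / "dune.txt").write_text("abstract")
        (Path(tmp) / "outside.txt").write_text("not a note")
        results = {}
        for query in queries:
            unsafe_path = resolve_unsafe(base, query).resolve()
            escapes = base.resolve() not in unsafe_path.parents
            try:
                resolve_safe(base, query)
                outcome = "served"
            except ValueError:
                outcome = "rejected"
            # (does the unsafe join leave the notes dir?, what the safe one does)
            results[query] = (escapes, outcome)
        return results


if __name__ == "__main__":
    for query, result in demo().items():
        print(query, result)
```

The containment check runs on the resolved path, after `parse_qs` has percent-decoded the value, so an encoded separator is judged the same way as a literal one.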
The app is meant to be containerized and deployed via Kubernetes to Azure. If you want to go full pro with Kubernetes in Azure, you can use the apimodel.json file along with acs-engine.