Skip to content

Latest commit

 

History

History
118 lines (66 loc) · 6.48 KB

README.md

File metadata and controls

118 lines (66 loc) · 6.48 KB

Python Security

Welcome to the World of Python:

An ongoing collection of Python language tools and frameworks, software, libraries, learning tutorials, frameworks, academic and practical resources. Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.

python

Table of Contents

Tools

Web Framework Hardening

  • Secure.py - secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
  • Flask-HTTPAuth - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
  • Flask Talisman - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
  • Django Session CSRF - CSRF protection for Django without cookies.

Multi tools

  • hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
  • Hubble - Hubble is a modular, open-source security compliance framework.
  • Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.

Static Code Analysis

  • Bandit - Bandit is a tool designed to find common security issues in Python code.
  • Pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
  • Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.

Vulnerabilities and Security Advisories

Penetration Testing

  • EvilTwinFramework - A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities.
  • sqlmap - Automatic SQL injection and database takeover tool

Cryptography

  • Passlib - Secure password storage/hashing library, very high level.
  • PyNacl - Python binding to the Networking and Cryptography (NaCl) library.

Application Templates

Educational

Hacking Playground

  • Let's be bad Guys - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
  • django.nV - django.nV is a purposefully vulnerable Django application provided by nVisium.
  • DSVW - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
  • DVPWA - Damn Vulnerable Python Web Application was inspired by famous dvwa project and bobby-tables xkcd comics.

Books

Articles, Guides & Talks

  • cryptography - A package designed to expose cryptographic primitives and recipes to Python developers.
  • 10 Common Security Gotchas in Python - 10 common security gotchas in Python and how to avoid them.
  • OWASP Python Security - Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
  • Django Security - Overview of Django’s security features includes advice on securing a Django-powered site.

Companies

  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
  • Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.

Other

Reporting Bugs

Contributing

Found an awesome project, package, article, or another type of resources related to Python Security? Send me a pull request! Just follow the guidelines. Thank you!

License

MIT License & cc license

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work. Just follow the guidelines. Thank you!