Skip to content
/ not-slithering-anywhere Public

The Python Version of our Not Go-ing Anywhere Vulnerable Application

License

Apache-2.0 license
10 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

trailofbits/not-slithering-anywhere

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
app
app
 
 
scripts/pickle
scripts/pickle
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Overview

Not Slithering Anywhere is the Python(3) version of our Not Go-ing Anywhere vulnerable application. It is meant to demonstrate a number of security issues commonly found in Python applications, as well as serve as the basis for static & dynamic tool testing grounds.

Getting started

  1. Setup a venv ala python3 -m venv ~/.venv/class
  2. Enter your venv ala source ~/.venv/class/bin/activate
  3. Install dependencies: pip3 install -r requirements.txt
  4. Run the class: python3 app.py

The class itself uses common libraries such as flask, SQLAlchemy, and jinja2 to explain vulnerabilities.

Expected Vulnerabilities

Server

  1. Server Misconfiguration
    1. CORS
    2. Caching
  2. Injection Related
    1. XSS (technically separate according to OWASP)
    2. SQLi
    3. Server-Side Template Inclusion (SSTI)
  3. Incorrect data validation (paths)
  4. AuthN/AuthZ failures

General Python

  1. Unix & Python Environment
  2. Keys & Sensitive Data Storage
  3. Pickles & Serialization
  4. Dependencies & Tooling

About

The Python Version of our Not Go-ing Anywhere Vulnerable Application

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

10 stars

Watchers

28 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages