Awesome
<br/> <div align="center">A curated list of awesome Python security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
</div> <br/>Contents
Tools
Web Framework Hardening
- Secure.py - secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
- Flask-HTTPAuth - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
- Flask Talisman - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
- Django deployment checklist - Web framework Django has built-in feature to check for security configurations: run this command
manage.py check --deploy
. It's really helpful as it already included in the framework. - Django Session CSRF - CSRF protection for Django without cookies.
Multi tools
- hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- Hubble - Hubble is a modular, open-source security compliance framework.
- Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
Static Code Analysis
- Bandit - Bandit is a tool designed to find common security issues in Python code.
- Pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
- Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.
Vulnerabilities and Security Advisories
- Safety - Safety checks your installed dependencies for known security vulnerabilities.
- snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
- National Vulnerability Database - Python known vulnerabilities in the National Vulnerability Database.
Penetration Testing
- EvilTwinFramework - A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities.
- sqlmap - Automatic SQL injection and database takeover tool
Cryptography
- Passlib - Secure password storage/hashing library, very high level.
- PyNacl - Python binding to the Networking and Cryptography (NaCl) library.
Application Templates
- wemake-django-template - Bleeding edge
django
template focused on code quality and security.
Educational
Hacking Playground
- Let's be bad Guys - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
- django.nV - django.nV is a purposefully vulnerable Django application provided by nVisium.
- DSVW - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
- DVPWA - Damn Vulnerable Python Web Application was inspired by famous dvwa project and bobby-tables xkcd comics.
Books
- Full Stack Python Security - A comprehensive look at cybersecurity for Python developers
Articles, Guides & Talks
- cryptography - A package designed to expose cryptographic primitives and recipes to Python developers.
- 10 Common Security Gotchas in Python - 10 common security gotchas in Python and how to avoid them.
- OWASP Python Security - Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
- Django Security - Overview of Django’s security features includes advice on securing a Django-powered site.
Companies
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.
Other
Reporting Bugs
Contributing
Found an awesome project, package, article, or another type of resources related to Python Security? Send me a pull request! Just follow the guidelines. Thank you!
say hi on Twitter