Awesome Python Security resources πŸ•ΆπŸπŸ”
Clone or download
streichsbaer Merge pull request #2 from sobolevn/patch-1
Adds wemake-django-template, closes #1
Latest commit 496475a Jan 16, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
CONTRIBUTING.MD Initial Commit of Awesomeness Dec 27, 2018
README.md Adds wemake-django-template, closes #1 Jan 14, 2019
code-of-conduct.md Initial Commit of Awesomeness Dec 27, 2018

README.md


A curated list of awesome Python security related resources.

Awesome

List inspired by the awesome list thing.

Supported by: GuardRails.io


Tools

Web Framework Hardening

  • Secure.py - secure.py πŸ”’ is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
  • Flask-HTTPAuth - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
  • Flask Talisman - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
  • Django Session CSRF - CSRF protection for Django without cookies.

Multi tools

  • hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
  • Hubble - Hubble is a modular, open-source security compliance framework.
  • Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.

Static Code Analysis

  • Bandit - Bandit is a tool designed to find common security issues in Python code.
  • Pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
  • Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.

Vulnerabilities and Security Advisories

Cryptography

  • Passlib - Secure password storage/hashing library, very high level.
  • PyNacl - Python binding to the Networking and Cryptography (NaCl) library.

Application Templates

Educational

Hacking Playground

  • Let's be bad Guys - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
  • django.nV - django.nV is a purposefully vulnerable Django application provided by nVisium.
  • DSVW - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
  • DVPWA - Damn Vulnerable Python Web Application was inspired by famous dvwa project and bobby-tables xkcd comics.

Articles, Guides & Talks

  • cryptography - A package designed to expose cryptographic primitives and recipes to Python developers.
  • 10 Common Security Gotchas in Python - 10 common security gotchas in Python and how to avoid them.
  • OWASP Python Security - Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
  • Django Security - Overview of Django’s security features includes advice on securing a Django-powered site.

Companies

  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
  • Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.

Other

Reporting Bugs

Contributing

Found an awesome project, package, article, or another type of resources related to Python Security? Send me a pull request! Just follow the guidelines. Thank you!


say hi on Twitter

License

CC0