lchsk/django-insecure

Simple Django application with a number of built-in security vulnerabilities

Corresponding article with examples and explanation: Stay paranoid and trust no one. Overview of common security vulnerabilities in web applications

Some of these vulnerabilities are detected by bandit, a static analyser for Python code.

Run it like this:

bandit -r ./insecure/security

To start the server:

python manage.py runserver

Contains examples of threats:

  • SQL injection

  • Command injection

  • Insecure deserialization (unsafe use of Python pickle)

  • Cross-site scripting (XSS)
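As an added example that is not code from the lchsk/django-insecure repository: the `pickle.loads` pattern bandit reports for the insecure-deserialization item above, placed beside a restricted unpickler that only resolves globals on an allowlist (the allowlist contents and the sample payloads are constructed for this illustration).

```python
import datetime
import io
import pickle

# Allowlist of (module, name) pairs the unpickler may resolve (assumption:
# a real app lists exactly the types its own data needs). Anything else,
# whether a stdlib class or a function, is refused before it is imported.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def unsafe_loads(data: bytes):
    """The pattern bandit flags (B301): pickle.loads on untrusted bytes."""
    return pickle.loads(data)


def restricted_loads(data: bytes):
    """Hardened replacement with the same call shape as pickle.loads."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def check(data: bytes):
    """Return (accepted, value_or_error_message) for one payload."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample payloads: plain data, which needs no globals at all,
# and an instance of a class outside the allowlist (datetime.date stands in
# for any type a client should not be able to instantiate on the server).
PLAIN_PAYLOAD = pickle.dumps({"user_id": 42, "roles": ["viewer"]})
CLASS_PAYLOAD = pickle.dumps(datetime.date(2020, 1, 1))

if __name__ == "__main__":
    print(check(PLAIN_PAYLOAD))  # accepted: plain dict
    print(check(CLASS_PAYLOAD))  # rejected: datetime.date not allowlisted
```

Plain data round-trips unchanged, while the same bytes that `unsafe_loads` would happily turn into an object are rejected by `restricted_loads` before any import happens.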