lchsk/django-insecure
Simple Django application with a number of built-in security vulnerabilities

Corresponding article with examples and explanation: Stay paranoid and trust no one. Overview of common security vulnerabilities in web applications

Some of them can be detected with bandit, the static analysis tool for Python.

Run it like this:

bandit -r ./insecure/security

To start the server:

python manage.py runserver

Contains examples of the following threats:

  • SQL injection

  • Command injection

  • Insecure deserialization (unsafe use of Python pickle)

  • Cross-site scripting (XSS)
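The four threat classes above, each shown as a vulnerable function next to its hardened counterpart. This is an added example and not code from the django-insecure project; it swaps Django for the standard library (sqlite3, subprocess, html, json) so it runs without a Django project, and the table, rows and inputs are constructed here. The vulnerable variants are the patterns bandit's B608, B602 and B301 checks flag when run as shown above.

```python
"""Vulnerable-vs-hardened pairs for SQL injection, command injection,
insecure deserialisation and XSS. Added example, not the project's code;
uses the standard library in place of Django so it runs stand-alone."""
import html
import json
import pickle
import sqlite3
import subprocess


def make_db():
    """Constructed sample data: a throwaway in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", 1), (2, "bob", 0)])
    return conn


# --- SQL injection -------------------------------------------------------
def find_user_unsafe(conn, name):
    """Query built by string formatting (bandit B608): the input becomes SQL."""
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def find_user_safe(conn, name):
    """Parameterised query: the driver passes the input as data, never as SQL."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


# --- Command injection ---------------------------------------------------
def echo_unsafe(text):
    """shell=True with interpolated input (bandit B602): shell metacharacters
    such as ';' in `text` are interpreted by /bin/sh."""
    return subprocess.check_output(f"echo {text}", shell=True)


def echo_safe(text):
    """Argument list and no shell: `text` reaches echo as one literal argument."""
    return subprocess.check_output(["echo", text])


# --- Insecure deserialisation --------------------------------------------
def load_session_unsafe(blob):
    """pickle.loads on bytes the client controls (bandit B301) executes
    whatever the pickle stream instructs while reconstructing objects."""
    return pickle.loads(blob)


def load_session_safe(blob):
    """Data-only format plus shape validation: only a dict with a string
    'user' field is accepted, and only that field is kept."""
    data = json.loads(blob)
    if not (isinstance(data, dict) and isinstance(data.get("user"), str)):
        raise ValueError("unexpected session shape")
    return {"user": data["user"]}


# --- Cross-site scripting ------------------------------------------------
def greeting_unsafe(name):
    """Raw interpolation into HTML; in Django this is what mark_safe or the
    |safe filter does when applied to user input."""
    return f"<p>Hello {name}</p>"


def greeting_safe(name):
    """Escaped interpolation, the equivalent of Django's default autoescaping."""
    return f"<p>Hello {html.escape(name)}</p>"
```

Running `bandit -r` over a file containing the unsafe functions reports the three flagged patterns; the XSS case is not a bandit finding, which is why template autoescaping and reviewing every `mark_safe` / `|safe` use remain manual work.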