Interactive, hands-on security tutorial covering OWASP Top 10 and CWE Top 25 vulnerabilities with FastAPI/Python examples.
This is a comprehensive, interactive security education platform designed to teach developers about web application vulnerabilities through hands-on learning. Each module covers a critical security vulnerability from the OWASP Top 10 and CWE Top 25.
- ✅ Learn by Doing - Interactive labs where you can safely exploit and fix vulnerabilities
- ✅ Production-Ready Code - All examples use FastAPI with real security best practices
- ✅ Comprehensive Coverage - Vulnerable code → Explanation → Fix → Quiz reinforcement
- ✅ Visual Learning - Syntax-highlighted code with before/after comparisons
- ✅ Progress Tracking - Save your progress as you complete modules
- ✅ Community-Driven - Open source and accepting contributions
| Module | OWASP | CWE | Severity | Status |
|---|---|---|---|---|
| SQL Injection | #3 | CWE-89 | Critical | ✅ Complete |
| Cross-Site Scripting (XSS) | #3 | CWE-79 | High | ✅ Complete |
| Broken Authentication | #7 | CWE-287 | Critical | ✅ Complete |
- Cross-Site Request Forgery (CSRF) - CWE-352
- Path Traversal - CWE-22
- Command Injection - CWE-78
- Insecure Deserialization - CWE-502
- XML External Entities (XXE) - CWE-611
- Server-Side Request Forgery (SSRF) - CWE-918
- Security Misconfiguration - OWASP #5
- Sensitive Data Exposure - CWE-311
Simply visit the live tutorial - no installation needed!
```bash
# Clone the repository
git clone https://github.com/lgtkgtv/owasp_python_security_tutorial.git
cd owasp_python_security_tutorial

# Install pnpm (if not already installed)
npm install -g pnpm

# Install dependencies
pnpm install

# Start development server
pnpm dev

# Open http://localhost:5173 in your browser
```

Each module follows a consistent, pedagogically sound structure:
- Understanding the vulnerability with code examples
- Real-world impact and attack scenarios
- Best Known Methods (BKM) for fixing with before/after code comparison
- Safe environment to test actual attacks
- Multiple attack vectors to try
- Real-time feedback showing vulnerable vs secure behavior
- Knowledge reinforcement questions
- Detailed explanations for each answer
- Progress tracking
```
owasp_python_security_tutorial/
├── src/
│   ├── OWASPTutorial.jsx      # Main application component
│   ├── main.jsx               # React entry point
│   └── index.css              # Global styles
├── public/
│   └── index.html             # HTML template
├── docs/
│   ├── CONTRIBUTING.md        # Contribution guidelines
│   └── MODULE_TEMPLATE.md     # Template for new modules
├── .github/
│   └── workflows/
│       └── deploy.yml         # GitHub Pages deployment
├── package.json               # Dependencies and scripts
├── vite.config.js             # Vite configuration
├── tailwind.config.js         # Tailwind CSS configuration
└── README.md                  # This file
```
- Frontend Framework: React 18
- Build Tool: Vite
- Package Manager: pnpm (fast, disk-efficient)
- Styling: Tailwind CSS
- Icons: Lucide React
- Deployment: GitHub Pages
- Backend Examples: FastAPI (Python)
We welcome contributions! Whether it's:
- 🐛 Bug fixes
- 📝 Documentation improvements
- ✨ New security modules
- 🎨 UI/UX enhancements
- 🌐 Translations
Please read our Contributing Guide and Module Template to get started.
- Review the Module Template
- Create your module following the existing pattern
- Add it to the module configuration
- Test thoroughly
- Submit a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- OWASP Foundation for security guidelines
- MITRE CWE for vulnerability classifications
- FastAPI for an excellent Python framework
- All contributors who help improve this tutorial
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Security Concerns: Please report security vulnerabilities privately via GitHub Security Advisories
If this tutorial helped you learn about security, please consider giving it a star! ⭐
Built with ❤️ for the security community
Learn. Practice. Secure.