Contents

• Tools
• Educational
• Companies
• Other
• Contributing

Tools

Web Framework Hardening

• Secure.py - secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
• Flask-HTTPAuth - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
• Flask Talisman - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
• Django Session CSRF - CSRF protection for Django without cookies.

Multi tools

• hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
• GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
• Hubble - Hubble is a modular, open-source security compliance framework.
• Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.

Static Code Analysis

• Bandit - Bandit is a tool designed to find common security issues in Python code.
• Pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
• Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.

Vulnerabilities and Security Advisories

• Safety - Safety checks your installed dependencies for known security vulnerabilities.
• snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
• Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
• National Vulnerability Database - Python known vulnerabilities in the National Vulnerability Database.

Penetration Testing

• EvilTwinFramework - A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities.
• sqlmap - Automatic SQL injection and database takeover tool

Cryptography

• Passlib - Secure password storage/hashing library, very high level.
• PyNacl - Python binding to the Networking and Cryptography (NaCl) library.

Application Templates

• wemake-django-template - Bleeding edge django template focused on code quality and security.

Educational

Hacking Playground

• Let's be bad Guys - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
• django.nV - django.nV is a purposefully vulnerable Django application provided by nVisium.
• DSVW - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
• DVPWA - Damn Vulnerable Python Web Application was inspired by famous dvwa project and bobby-tables xkcd comics.

Articles, Guides & Talks

• cryptography - A package designed to expose cryptographic primitives and recipes to Python developers.
• 10 Common Security Gotchas in Python - 10 common security gotchas in Python and how to avoid them.
• OWASP Python Security - Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
• Django Security - Overview of Django’s security features includes advice on securing a Django-powered site.

Companies

• GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
• Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.

Other

Reporting Bugs

• Python Security Reporting

Contributing

Found an awesome project, package, article, or another type of resources related to Python Security? Send me a pull request! Just follow the guidelines. Thank you!

say hi on Twitter

License