{"id":13538323,"url":"https://github.com/guardrailsio/awesome-python-security","last_synced_at":"2025-10-22T15:31:30.009Z","repository":{"id":38206755,"uuid":"163282423","full_name":"guardrailsio/awesome-python-security","owner":"guardrailsio","description":"Awesome Python Security resources 🕶🐍🔐","archived":false,"fork":false,"pushed_at":"2023-08-24T08:54:42.000Z","size":18,"stargazers_count":897,"open_issues_count":1,"forks_count":93,"subscribers_count":44,"default_branch":"master","last_synced_at":"2024-05-23T09:48:54.142Z","etag":null,"topics":["awesome","awesome-list","python","security","security-testing","security-tools","static-analysis"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/guardrailsio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.MD","funding":null,"license":null,"code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-12-27T10:43:07.000Z","updated_at":"2024-05-17T21:12:30.000Z","dependencies_parsed_at":"2024-01-11T22:01:55.188Z","dependency_job_id":"e9909df2-3d17-469e-a8be-42cc8e1d729e","html_url":"https://github.com/guardrailsio/awesome-python-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guardrailsio%2Fawesome-python-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guardrailsio%2Fawesome-python-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guardrailsio%2Fawesome-python-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitH
ub/repositories/guardrailsio%2Fawesome-python-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/guardrailsio","download_url":"https://codeload.github.com/guardrailsio/awesome-python-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237709885,"owners_count":19354085,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","awesome-list","python","security","security-testing","security-tools","static-analysis"],"created_at":"2024-08-01T09:01:09.884Z","updated_at":"2025-10-22T15:31:24.612Z","avatar_url":"https://github.com/guardrailsio.png","language":null,"readme":"\u003cbr/\u003e\n\u003cdiv align=\"center\"\u003e\n\nA curated list of awesome Python security related resources.\n\n[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)\n\n_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._\n\nSupported by: [GuardRails.io](https://www.guardrails.io)\n\n\u003c/div\u003e\n\u003cbr/\u003e\n\n# Contents\n- [Tools](#tools)\n- [Educational](#educational)\n- [Companies](#companies)\n- [Other](#other)\n- [Contributing](#contributing)\n\n# Tools\n\n## Web Framework Hardening\n\n- [Secure.py](https://github.com/cakinney/secure.py) - secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.\n- [Flask-HTTPAuth](https://github.com/miguelgrinberg/flask-httpauth/) - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.\n- [Flask 
Talisman](https://github.com/GoogleCloudPlatform/flask-talisman) - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.\n- [Django deployment checklist](https://docs.djangoproject.com/en/dev/howto/deployment/checklist/) - The Django web framework has a built-in check for security configuration: run `manage.py check --deploy`. It is helpful because it is already included in the framework.\n- [Django Session CSRF](https://github.com/mozilla/django-session-csrf) - CSRF protection for Django without cookies.\n\n## Multi tools\n\n- [hawkeye](https://github.com/hawkeyesec/scanner-cli) - Multi-purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.\n- [GuardRails](https://github.com/apps/guardrails) - A GitHub App that gives you instant security feedback in your Pull Requests.\n- [Hubble](https://github.com/hubblestack/hubble) - Hubble is a modular, open-source security compliance framework.\n- [Salus](https://github.com/coinbase/salus) - Multi-purpose security scanning tool supporting Ruby, Node, Python and Go.\n\n## Static Code Analysis\n\n- [Bandit](https://github.com/PyCQA/bandit) - Bandit is a tool designed to find common security issues in Python code.\n- [Pyt](https://github.com/python-security/pyt) - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.\n- [Detect Secrets](https://libraries.io/pypi/detect-secrets) - An enterprise-friendly way of detecting and preventing secrets in code.\n\n## Vulnerabilities and Security Advisories\n\n- [Safety](https://github.com/pyupio/safety) - Safety checks your installed dependencies for known security vulnerabilities.\n- [snyk Vulnerability DB](https://snyk.io/vuln?type=pip) - Commercial but free listing of known vulnerabilities in libraries.\n- [Common Vulnerabilities and 
Exposures](https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html) - Vulnerabilities that were assigned a CVE. Covers the language and packages.\n- [National Vulnerability Database](https://nvd.nist.gov/vuln/search/results?form_type=Basic\u0026results_type=overview\u0026query=python\u0026search_type=all) - Known Python vulnerabilities in the National Vulnerability Database.\n\n## Penetration Testing\n\n- [EvilTwinFramework](https://github.com/Esser420/EvilTwinFramework) - A framework for pentesters that facilitates evil twin attacks as well as exploiting other Wi-Fi vulnerabilities.\n- [sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool.\n\n## Cryptography\n\n- [Passlib](https://bitbucket.org/ecollins/passlib) - Secure password storage/hashing library, very high level.\n- [PyNacl](https://github.com/pyca/pynacl) - Python binding to the Networking and Cryptography (NaCl) library.\n\n## Application Templates\n\n- [wemake-django-template](https://github.com/wemake-services/wemake-django-template) - Bleeding edge `django` template focused on code quality and security.\n\n# Educational\n\n## Hacking Playground\n\n- [Let's be bad Guys](https://github.com/mpirnat/lets-be-bad-guys) - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.\n- [django.nV](https://github.com/nVisium/django.nV) - django.nV is a purposefully vulnerable Django application provided by nVisium.\n- [DSVW](https://github.com/stamparm/DSVW) - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.\n- [DVPWA](https://github.com/anxolerd/dvpwa) - Damn Vulnerable Python Web Application was inspired by the famous dvwa project and the bobby-tables xkcd comic.\n\n## Books\n\n- [Full Stack Python Security](https://www.manning.com/books/full-stack-python-security) - A comprehensive look at cybersecurity 
for Python developers.\n\n## Articles, Guides \u0026 Talks\n\n- [cryptography](https://cryptography.io/en/latest/) - A package designed to expose cryptographic primitives and recipes to Python developers.\n- [10 Common Security Gotchas in Python](https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03) - 10 common security gotchas in Python and how to avoid them.\n- [OWASP Python Security](http://www.pythonsecurity.org/) - Aims at creating a hardened version of Python that makes it easier for developers to write applications more resilient to attacks and manipulations.\n- [Django Security](https://docs.djangoproject.com/en/2.1/topics/security/) - Overview of Django’s security features, including advice on securing a Django-powered site.\n\n# Companies\n\n- [GuardRails](https://www.guardrails.io) - A GitHub App that gives you instant security feedback in your Pull Requests.\n- [Snyk](https://snyk.io) - A developer-first solution that automates finding \u0026 fixing known vulnerabilities in your dependencies.\n\n# Other\n\n## Reporting Bugs\n\n- [Python Security Reporting](https://www.python.org/news/security/)\n\n# Contributing\n\nFound an awesome project, package, article, or another type of resource related to Python Security? Send me a pull request!\nJust follow the [guidelines](/CONTRIBUTING.md). 
Thank you!\n\n---\n\nsay _hi_ on [Twitter](https://twitter.com/s_streichsbier)\n\n## License\n\n[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0/)\n","funding_links":[],"categories":["\u003ca id=\"a4ee2f4d4a944b54b2246c72c037cd2e\"\u003e\u003c/a\u003e收集\u0026\u0026集合","Coding","Programming Languages","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","Others","\u003ca id=\"e97d183e67fa3f530e7d0e7e8c33ee62\"\u003e\u003c/a\u003e未分类","Other Lists","Others (1002)","Awesome awesomeness"],"sub_categories":["\u003ca id=\"e97d183e67fa3f530e7d0e7e8c33ee62\"\u003e\u003c/a\u003e未分类","\u003ca id=\"f110da0bf67359d3abc62b27d717e55e\"\u003e\u003c/a\u003e新添加的","TeX Lists","Awesome python"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fguardrailsio%2Fawesome-python-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fguardrailsio%2Fawesome-python-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fguardrailsio%2Fawesome-python-security/lists"}