Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


awesome-python-security

Awesome Python Security resources 🕶🐍🔐
https://github.com/guardrailsio/awesome-python-security

Last synced: 1 day ago

  • Web Framework Hardening

    • Django deployment checklist - The Django web framework has a built-in check for security configuration: run `manage.py check --deploy`. It is really helpful because it is already included in the framework.
    • Flask-HTTPAuth - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
    • Flask Talisman - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
    • Django Session CSRF - CSRF protection for Django without cookies.
  • Multi tools

    • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
    • hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
    • Hubble - Hubble is a modular, open-source security compliance framework.
    • Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
  • Static Code Analysis

    • Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.
    • Bandit - Bandit is a tool designed to find common security issues in Python code.
    • Pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
  • Vulnerabilities and Security Advisories

  • Cryptography

    • Passlib - Secure password storage/hashing library, very high level.
    • PyNacl - Python binding to the Networking and Cryptography (NaCl) library.
  • Books

  • Articles, Guides & Talks

    • cryptography - A package designed to expose cryptographic primitives and recipes to Python developers.
    • 10 Common Security Gotchas in Python - 10 common security gotchas in Python and how to avoid them.
    • OWASP Python Security - Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
    • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
    • Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.
    • Django Security - Overview of Django's security features, including advice on securing a Django-powered site.
  • Reporting Bugs

  • Penetration Testing

    • sqlmap - Automatic SQL injection and database takeover tool
  • Application Templates

  • Hacking Playground

    • Let's be bad Guys - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
    • django.nV - django.nV is a purposefully vulnerable Django application provided by nVisium.
    • DSVW - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
    • DVPWA - Damn Vulnerable Python Web Application was inspired by the famous dvwa project and the bobby-tables xkcd comics.