Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-python-security

Awesome Python Security resources 🕶🐍🔐
https://github.com/guardrailsio/awesome-python-security

Last synced: 3 days ago
JSON representation

Web Framework Hardening
- Django deployment checklist - Web framework Django has built-in feature to check for security configurations: run this command `manage.py check --deploy`. It's really helpful as it already included in the framework.
- Flask-HTTPAuth - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
- Flask Talisman - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
- Django Session CSRF - CSRF protection for Django without cookies.
Multi tools
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
- Hubble - Hubble is a modular, open-source security compliance framework.
- Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
Static Code Analysis
- Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.
- Bandit - Bandit is a tool designed to find common security issues in Python code.
- Pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
Vulnerabilities and Security Advisories
- National Vulnerability Database - Python known vulnerabilities in the National Vulnerability Database.
- snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
- Safety - Safety checks your installed dependencies for known security vulnerabilities.
Cryptography
- Passlib - Secure password storage/hashing library, very high level.
- PyNacl - Python binding to the Networking and Cryptography (NaCl) library.
Books
- Full Stack Python Security - A comprehensive look at cybersecurity for Python developers
Articles, Guides & Talks
- cryptography - A package designed to expose cryptographic primitives and recipes to Python developers.
- 10 Common Security Gotchas in Python - 10 common security gotchas in Python and how to avoid them.
- OWASP Python Security - Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.
- Django Security - Overview of Django’s security features includes advice on securing a Django-powered site.
Reporting Bugs
- Python Security Reporting
- Twitter
Penetration Testing
- sqlmap - Automatic SQL injection and database takeover tool
Application Templates
- wemake-django-template - Bleeding edge `django` template focused on code quality and security.
Hacking Playground
- Let's be bad Guys - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
- django.nV - django.nV is a purposefully vulnerable Django application provided by nVisium.
- DSVW - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
- DVPWA - Damn Vulnerable Python Web Application was inspired by famous dvwa project and bobby-tables xkcd comics.

Programming Languages

Python 11 HTML 2 JavaScript 2 C 1

Ecosyste.ms: Awesome

awesome-python-security

Web Framework Hardening

Multi tools

Static Code Analysis

Vulnerabilities and Security Advisories

Cryptography

Books

Articles, Guides & Talks

Reporting Bugs

Penetration Testing

Application Templates

Hacking Playground