https://github.com/lchsk/django-insecure
Example of an insecure Django application
- Host: GitHub
- URL: https://github.com/lchsk/django-insecure
- Owner: lchsk
- Created: 2020-02-05T20:53:14.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2023-02-20T12:05:29.000Z (about 2 years ago)
- Last Synced: 2025-04-03T17:23:00.483Z (23 days ago)
- Topics: django, education, security
- Language: Python
- Homepage: https://lchsk.com/stay-paranoid-and-trust-no-one-overview-of-common-security-vulnerabilities-in-web-applications.html
- Size: 14.6 KB
- Stars: 12
- Watchers: 2
- Forks: 9
- Open Issues: 2
Metadata Files:
- Readme: README.md
README
# Simple Django application with a number of built-in security vulnerabilities
Corresponding article with examples and explanation: [Stay paranoid and trust no one. Overview of common security vulnerabilities in web applications](https://lchsk.com/stay-paranoid-and-trust-no-one-overview-of-common-security-vulnerabilities-in-web-applications.html)
Some of these vulnerabilities are detected with [bandit](https://github.com/PyCQA/bandit).
Run it like this:
```
bandit -r ./insecure/security
```
To start the server:
```
python manage.py runserver
```
Contains examples of threats:
- SQL injection
- Command injection
- Insecure deserialization (unsafe use of Python `pickle`)
- Cross-site scripting (XSS)