Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lchsk/django-insecure
Example of an insecure Django application
https://github.com/lchsk/django-insecure
django education security
Last synced: 6 days ago
JSON representation
Example of an insecure Django application
- Host: GitHub
- URL: https://github.com/lchsk/django-insecure
- Owner: lchsk
- Created: 2020-02-05T20:53:14.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2023-02-20T12:05:29.000Z (over 1 year ago)
- Last Synced: 2024-04-24T10:59:15.620Z (7 months ago)
- Topics: django, education, security
- Language: Python
- Homepage: https://lchsk.com/stay-paranoid-and-trust-no-one-overview-of-common-security-vulnerabilities-in-web-applications.html
- Size: 14.6 KB
- Stars: 11
- Watchers: 3
- Forks: 8
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Simple Django application with a number of built-in security vulnerabilities
Corresponding article with examples and explanation: [Stay paranoid and trust no one. Overview of common security vulnerabilities in web applications](https://lchsk.com/stay-paranoid-and-trust-no-one-overview-of-common-security-vulnerabilities-in-web-applications.html)
Some of them are detected with [bandit](https://github.com/PyCQA/bandit)
Run it like this:
```
bandit -r ./insecure/security
```
To start the server:
```
python manage.py runserver
```
Contains examples of threats:
- SQL injection
- Command injection
- Insecure deserialization (unsafe use of Python `pickle`)
- Cross-site scripting (XSS)