awesome-python-security
Awesome Python Security resources
909 stars
43 watching
94 forks
last commit: about 1 year ago
Linked from 1 awesome list
awesome, awesome-list, python, security, security-testing, security-tools, static-analysis
Tools / Web Framework Hardening | |||
| Secure.py | 688 | 4 days ago | secure.py is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks |
| Flask-HTTPAuth | 1,266 | about 2 months ago | Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes |
| Flask Talisman | 919 | 5 months ago | Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues |
| Django deployment checklist | The Django web framework has a built-in feature to check security configurations: run this command . It's really helpful as it is already included in the framework | ||
| Django Session CSRF | 109 | over 5 years ago | CSRF protection for Django without cookies |
Tools / Multi tools | |||
| hawkeye | 358 | about 3 years ago | Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java |
| GuardRails | A GitHub App that gives you instant security feedback in your Pull Requests | ||
| Hubble | 379 | about 1 year ago | Hubble is a modular, open-source security compliance framework |
| Salus | 18 | 9 months ago | Multi purpose security scanning tool supporting Ruby, Node, Python and Go |
Tools / Static Code Analysis | |||
| Bandit | 6,351 | 5 days ago | Bandit is a tool designed to find common security issues in Python code |
| Pyt | 2,171 | almost 4 years ago | A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications |
| Detect Secrets | An enterprise friendly way of detecting and preventing secrets in code | ||
Tools / Vulnerabilities and Security Advisories | |||
| Safety | 1,693 | 12 days ago | Safety checks your installed dependencies for known security vulnerabilities |
| snyk Vulnerability DB | Commercial but free listing of known vulnerabilities in libraries | ||
| Common Vulnerabilities and Exposures | Vulnerabilities that were assigned a CVE. Covers the language and packages | ||
| National Vulnerability Database | Python known vulnerabilities in the National Vulnerability Database | ||
Tools / Penetration Testing | |||
| EvilTwinFramework | 265 | about 2 months ago | A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities |
| sqlmap | 31,961 | 18 days ago | Automatic SQL injection and database takeover tool |
Tools / Cryptography | |||
| Passlib | Secure password storage/hashing library, very high level | ||
| PyNacl | 1,059 | 27 days ago | Python binding to the Networking and Cryptography (NaCl) library |
Tools / Application Templates | |||
| wemake-django-template | 1,982 | 4 days ago | Bleeding edge template focused on code quality and security |
Educational / Hacking Playground | |||
| Let's be bad Guys | 185 | 2 months ago | Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities |
| django.nV | 201 | almost 3 years ago | django.nV is a purposefully vulnerable Django application provided by nVisium |
| DSVW | 772 | 4 months ago | Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes |
| DVPWA | 155 | 4 months ago | Damn Vulnerable Python Web Application was inspired by the famous dvwa project and bobby-tables xkcd comics |
Educational / Books | |||
| Full Stack Python Security | A comprehensive look at cybersecurity for Python developers | ||
Educational / Articles, Guides & Talks | |||
| cryptography | A package designed to expose cryptographic primitives and recipes to Python developers | ||
| 10 Common Security Gotchas in Python | 10 common security gotchas in Python and how to avoid them | ||
| OWASP Python Security | Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations | ||
| Django Security | Overview of Django's security features; includes advice on securing a Django-powered site | ||
Companies | |||
| GuardRails | A GitHub App that gives you instant security feedback in your Pull Requests | ||
| Snyk | A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies | ||
Other / Reporting Bugs | |||
| Python Security Reporting | |||