awesome-python-security
Security resources
A curated list of security resources and tools for Python developers.
Awesome Python Security resources πΆππ
916 stars
43 watching
96 forks
last commit: over 1 year ago
Linked from 1 awesome list
awesomeawesome-listpythonsecuritysecurity-testingsecurity-toolsstatic-analysis
Tools / Web Framework Hardening | |||
| Secure.py | 908 | 3 months ago | secure.py π is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks |
| Flask-HTTPAuth | 1,268 | 6 months ago | Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes |
| Flask Talisman | 925 | 9 months ago | Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues |
| Django deployment checklist | Web framework Django has built-in feature to check for security configurations: run this command . It's really helpful as it already included in the framework | ||
| Django Session CSRF | 111 | almost 6 years ago | CSRF protection for Django without cookies |
Tools / Multi tools | |||
| hawkeye | 359 | over 3 years ago | Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java |
| GuardRails | A GitHub App that gives you instant security feedback in your Pull Requests | ||
| Hubble | 379 | over 1 year ago | Hubble is a modular, open-source security compliance framework |
| Salus | 25 | about 1 year ago | Multi purpose security scanning tool supporting Ruby, Node, Python and Go |
Tools / Static Code Analysis | |||
| Bandit | 6,559 | about 1 month ago | Bandit is a tool designed to find common security issues in Python code |
| Pyt | 2,181 | about 4 years ago | A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications |
| Detect Secrets | An enterprise friendly way of detecting and preventing secrets in code | ||
Tools / Vulnerabilities and Security Advisories | |||
| Safety | 1,758 | about 1 month ago | Safety checks your installed dependencies for known security vulnerabilities |
| snyk Vulnerability DB | Commercial but free listing of known vulnerabilities in libraries | ||
| Common Vulnerabilities and Exposures | Vulnerabilities that were assigned a CVE. Covers the language and packages | ||
| National Vulnerability Database | Python known vulnerabilities in the National Vulnerability Database | ||
Tools / Penetration Testing | |||
| EvilTwinFramework | 282 | 6 months ago | A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities |
| sqlmap | 32,841 | about 1 month ago | Automatic SQL injection and database takeover tool |
Tools / Cryptography | |||
| Passlib | Secure password storage/hashing library, very high level | ||
| PyNacl | 1,079 | about 2 months ago | Python binding to the Networking and Cryptography (NaCl) library |
Tools / Application Templates | |||
| wemake-django-template | 2,015 | about 1 month ago | Bleeding edge template focused on code quality and security |
Educational / Hacking Playground | |||
| Let's be bad Guys | 186 | 6 months ago | Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities |
| django.nV | 202 | about 3 years ago | django.nV is a purposefully vulnerable Django application provided by nVisium |
| DSVW | 794 | 7 months ago | Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes |
| DVPWA | 164 | 8 months ago | Damn Vulnerable Python Web Application was inspired by famous dvwa project and bobby-tables xkcd comics |
Educational / Books | |||
| Full Stack Python Security | A comprehensive look at cybersecurity for Python developers | ||
Educational / Articles, Guides & Talks | |||
| cryptography | A package designed to expose cryptographic primitives and recipes to Python developers | ||
| 10 Common Security Gotchas in Python | 10 common security gotchas in Python and how to avoid them | ||
| OWASP Python Security | Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations | ||
| Django Security | Overview of Djangoβs security features includes advice on securing a Django-powered site | ||
Companies | |||
| GuardRails | A GitHub App that gives you instant security feedback in your Pull Requests | ||
| Snyk | A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies | ||
Other / Reporting Bugs | |||
| Python Security Reporting | |||
0ex/more-awesomeMore related projects:
-
gabdug/sync-pre-commit-lock
-
wemake-services/django-test-migrations
-
abatilo/actions-poetry
-
snok/flake8-type-checking
-
cjolowicz/cookiecutter-hypermodern-python
-
-
typeddjango/django-stubs
-
0xzdh/o365spray
-
apiflask/apiflask
-
tobi-de/fuzzy-couscous
-
mottosso/bleeding-rez
-
superlinear-ai/poetry-cookiecutter
-
dmyersturnbull/tyrannosaurus