awesome-python-security
Security resources
A curated list of security resources and tools for Python developers.
Awesome Python Security resources
915 stars
43 watching
94 forks
last commit: about 1 year ago
Linked from 1 awesome list
awesome, awesome-list, python, security, security-testing, security-tools, static-analysis
Tools / Web Framework Hardening | |||
Secure.py | 878 | about 1 month ago | secure.py is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks |
Flask-HTTPAuth | 1,264 | 4 months ago | Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes |
Flask Talisman | 923 | 7 months ago | Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues |
Django deployment checklist | The Django web framework has a built-in feature to check security configurations: run this command . It's really helpful, as it is already included in the framework | ||
Django Session CSRF | 110 | over 5 years ago | CSRF protection for Django without cookies |
Tools / Multi tools | |||
hawkeye | 358 | about 3 years ago | Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java |
GuardRails | A GitHub App that gives you instant security feedback in your Pull Requests | ||
Hubble | 379 | over 1 year ago | Hubble is a modular, open-source security compliance framework |
Salus | 21 | 10 months ago | Multi purpose security scanning tool supporting Ruby, Node, Python and Go |
Tools / Static Code Analysis | |||
Bandit | 6,485 | 8 days ago | Bandit is a tool designed to find common security issues in Python code |
Pyt | 2,176 | almost 4 years ago | A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications |
Detect Secrets | An enterprise friendly way of detecting and preventing secrets in code | ||
Tools / Vulnerabilities and Security Advisories | |||
Safety | 1,731 | 7 days ago | Safety checks your installed dependencies for known security vulnerabilities |
snyk Vulnerability DB | Commercial but free listing of known vulnerabilities in libraries | ||
Common Vulnerabilities and Exposures | Vulnerabilities that were assigned a CVE. Covers the language and packages | ||
National Vulnerability Database | Python known vulnerabilities in the National Vulnerability Database | ||
Tools / Penetration Testing | |||
EvilTwinFramework | 278 | 4 months ago | A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities |
sqlmap | 32,576 | 6 days ago | Automatic SQL injection and database takeover tool |
Tools / Cryptography | |||
Passlib | Secure password storage/hashing library, very high level | ||
PyNacl | 1,077 | 6 days ago | Python binding to the Networking and Cryptography (NaCl) library |
Tools / Application Templates | |||
wemake-django-template | 2,002 | 8 days ago | Bleeding edge template focused on code quality and security |
Educational / Hacking Playground | |||
Let's be bad Guys | 185 | 4 months ago | Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities |
django.nV | 201 | about 3 years ago | django.nV is a purposefully vulnerable Django application provided by nVisium |
DSVW | 785 | 5 months ago | Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes |
DVPWA | 162 | 6 months ago | Damn Vulnerable Python Web Application was inspired by the famous dvwa project and bobby-tables xkcd comics |
Educational / Books | |||
Full Stack Python Security | A comprehensive look at cybersecurity for Python developers | ||
Educational / Articles, Guides & Talks | |||
cryptography | A package designed to expose cryptographic primitives and recipes to Python developers | ||
10 Common Security Gotchas in Python | 10 common security gotchas in Python and how to avoid them | ||
OWASP Python Security | Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations | ||
Django Security | Overview of Django's security features, including advice on securing a Django-powered site | ||
Companies | |||
GuardRails | A GitHub App that gives you instant security feedback in your Pull Requests | ||
Snyk | A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies | ||
Other / Reporting Bugs | |||
Python Security Reporting |