An ongoing collection of Python language tools and frameworks, software, libraries, learning tutorials, frameworks, academic and practical resources. Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.
- Secure.py - secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
- Flask-HTTPAuth - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
- Flask Talisman - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
- Django Session CSRF - CSRF protection for Django without cookies.
- hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- Hubble - Hubble is a modular, open-source security compliance framework.
- Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
- Bandit - Bandit is a tool designed to find common security issues in Python code.
- Pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
- Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.
- Safety - Safety checks your installed dependencies for known security vulnerabilities.
- snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
- National Vulnerability Database - Python known vulnerabilities in the National Vulnerability Database.
- EvilTwinFramework - A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities.
- sqlmap - Automatic SQL injection and database takeover tool
- Passlib - Secure password storage/hashing library, very high level.
- PyNacl - Python binding to the Networking and Cryptography (NaCl) library.
- wemake-django-template - Bleeding edge
djangotemplate focused on code quality and security.
- Let's be bad Guys - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
- django.nV - django.nV is a purposefully vulnerable Django application provided by nVisium.
- DSVW - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
- DVPWA - Damn Vulnerable Python Web Application was inspired by famous dvwa project and bobby-tables xkcd comics.
- Full Stack Python Security - A comprehensive look at cybersecurity for Python developers
- cryptography - A package designed to expose cryptographic primitives and recipes to Python developers.
- 10 Common Security Gotchas in Python - 10 common security gotchas in Python and how to avoid them.
- OWASP Python Security - Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
- Django Security - Overview of Django’s security features includes advice on securing a Django-powered site.
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.
Found an awesome project, package, article, or another type of resources related to Python Security? Send me a pull request! Just follow the guidelines. Thank you!
MIT License & cc license
This work is licensed under a Creative Commons Attribution 4.0 International License.
To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work. Just follow the guidelines. Thank you!