├── CONTRIBUTING.MD
├── code-of-conduct.md
└── README.md

--------------------------------------------------------------------------------
/CONTRIBUTING.MD:
--------------------------------------------------------------------------------

# Contribution Guidelines

1. Read and adhere to the [Code-of-Conduct](./code-of-conduct.md)
2. Make sure you put things in the right category!
3. Always add your items to the end of a list. To be fair, the order is first-come-first-serve.
4. If you think something belongs in the wrong category, or think there needs to be a new category, feel free to edit things too.

Please ensure your pull request adheres to the following guidelines:

- Search previous suggestions before making a new one, as yours may be a duplicate.
- Suggested READMEs should be beautiful or stand out in some way.
- Make an individual pull request for each suggestion.
- New categories, or improvements to the existing categorization are welcome.
- Keep descriptions short and simple, but descriptive.
- Start the description with a capital and end with a full stop/period.
- Check your spelling and grammar.
- Make sure your text editor is set to remove trailing whitespace.

Thank you for your suggestions!

--------------------------------------------------------------------------------
/code-of-conduct.md:
--------------------------------------------------------------------------------

# Contributor Covenant Code of Conduct

## Our Pledge

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.

## Our Standards

Examples of behavior that contributes to creating a positive environment include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting

## Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.

Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [stefan@guardrails.io](mailto:stefan@guardrails.io). All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html

[homepage]: https://www.contributor-covenant.org

For answers to common questions about this code of conduct, see https://www.contributor-covenant.org/faq

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
A curated list of awesome Python security related resources.

[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._

Supported by: [GuardRails.io](https://www.guardrails.io)

# Contents
- [Tools](#tools)
- [Educational](#educational)
- [Companies](#companies)
- [Other](#other)
- [Contributing](#contributing)

# Tools

## Web Framework Hardening

- [Secure.py](https://github.com/cakinney/secure.py) - secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
- [Flask-HTTPAuth](https://github.com/miguelgrinberg/flask-httpauth/) - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
- [Flask Talisman](https://github.com/GoogleCloudPlatform/flask-talisman) - Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
- [Django deployment checklist](https://docs.djangoproject.com/en/dev/howto/deployment/checklist/) - The Django web framework has a built-in check for security configuration: run `manage.py check --deploy`. It's really helpful as it's already included in the framework.
- [Django Session CSRF](https://github.com/mozilla/django-session-csrf) - CSRF protection for Django without cookies.

## Multi tools

- [hawkeye](https://github.com/hawkeyesec/scanner-cli) - Multi-purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
- [GuardRails](https://github.com/apps/guardrails) - A GitHub App that gives you instant security feedback in your Pull Requests.
- [Hubble](https://github.com/hubblestack/hubble) - Hubble is a modular, open-source security compliance framework.
- [Salus](https://github.com/coinbase/salus) - Multi-purpose security scanning tool supporting Ruby, Node, Python and Go.

## Static Code Analysis

- [Bandit](https://github.com/PyCQA/bandit) - Bandit is a tool designed to find common security issues in Python code.
- [Pyt](https://github.com/python-security/pyt) - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
- [Detect Secrets](https://libraries.io/pypi/detect-secrets) - An enterprise friendly way of detecting and preventing secrets in code.

## Vulnerabilities and Security Advisories

- [Safety](https://github.com/pyupio/safety) - Safety checks your installed dependencies for known security vulnerabilities.
- [snyk Vulnerability DB](https://snyk.io/vuln?type=pip) - Commercial but free listing of known vulnerabilities in libraries.
- [Common Vulnerabilities and Exposures](https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html) - Vulnerabilities that were assigned a CVE. Covers the language and packages.
- [National Vulnerability Database](https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=python&search_type=all) - Python known vulnerabilities in the National Vulnerability Database.

## Penetration Testing

- [EvilTwinFramework](https://github.com/Esser420/EvilTwinFramework) - A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities.
- [sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool.

## Cryptography

- [Passlib](https://bitbucket.org/ecollins/passlib) - Secure password storage/hashing library, very high level.
- [PyNacl](https://github.com/pyca/pynacl) - Python binding to the Networking and Cryptography (NaCl) library.

## Application Templates

- [wemake-django-template](https://github.com/wemake-services/wemake-django-template) - Bleeding edge `django` template focused on code quality and security.

# Educational

## Hacking Playground

- [Let's be bad Guys](https://github.com/mpirnat/lets-be-bad-guys) - Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
- [django.nV](https://github.com/nVisium/django.nV) - django.nV is a purposefully vulnerable Django application provided by nVisium.
- [DSVW](https://github.com/stamparm/DSVW) - Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
- [DVPWA](https://github.com/anxolerd/dvpwa) - Damn Vulnerable Python Web Application was inspired by the famous dvwa project and the bobby-tables xkcd comic.

## Books

- [Full Stack Python Security](https://www.manning.com/books/full-stack-python-security) - A comprehensive look at cybersecurity for Python developers.

## Articles, Guides & Talks

- [cryptography](https://cryptography.io/en/latest/) - A package designed to expose cryptographic primitives and recipes to Python developers.
- [10 Common Security Gotchas in Python](https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03) - 10 common security gotchas in Python and how to avoid them.
- [OWASP Python Security](http://www.pythonsecurity.org/) - Aims at creating a hardened version of Python that makes it easier for developers to write applications more resilient to attacks and manipulations.
- [Django Security](https://docs.djangoproject.com/en/2.1/topics/security/) - Overview of Django's security features, including advice on securing a Django-powered site.

# Companies

- [GuardRails](https://www.guardrails.io) - A GitHub App that gives you instant security feedback in your Pull Requests.
- [Snyk](https://snyk.io) - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.

# Other

## Reporting Bugs

- [Python Security Reporting](https://www.python.org/news/security/)

# Contributing

Found an awesome project, package, article, or another type of resource related to Python Security? Send me a pull request!
Just follow the [guidelines](/CONTRIBUTING.md). Thank you!

---

say _hi_ on [Twitter](https://twitter.com/s_streichsbier)

## License

[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0/)

--------------------------------------------------------------------------------