• Tools
• Educational
• Companies
• Other
• Contributing

• Secure.py – secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
• Flask-HTTPAuth – Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
• Flask Talisman – Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
• Django deployment checklist – Web framework Django has built-in feature to check for security configurations: run this command manage.py check --deploy. It’s really helpful as it already included in the framework.
• Django Session CSRF – CSRF protection for Django without cookies.

• hawkeye – Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
• GuardRails – A GitHub App that gives you instant security feedback in your Pull Requests.
• Hubble – Hubble is a modular, open-source security compliance framework.
• Salus – Multi purpose security scanning tool supporting Ruby, Node, Python and Go.

• Bandit – Bandit is a tool designed to find common security issues in Python code.
• Pyt – A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
• Detect Secrets – An enterprise friendly way of detecting and preventing secrets in code.

• Safety – Safety checks your installed dependencies for known security vulnerabilities.
• snyk Vulnerability DB – Commercial but free listing of known vulnerabilities in libraries.
• Common Vulnerabilities and Exposures – Vulnerabilities that were assigned a CVE. Covers the language and packages.
• National Vulnerability Database – Python known vulnerabilities in the National Vulnerability Database.

• EvilTwinFramework – A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities.
• sqlmap – Automatic SQL injection and database takeover tool

• Passlib – Secure password storage/hashing library, very high level.
• PyNacl – Python binding to the Networking and Cryptography (NaCl) library.

• wemake-django-template – Bleeding edge django template focused on code quality and security.

• Let’s be bad Guys – Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
• django.nV – django.nV is a purposefully vulnerable Django application provided by nVisium.
• DSVW – Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
• DVPWA – Damn Vulnerable Python Web Application was inspired by famous dvwa project and bobby-tables xkcd comics.

• Full Stack Python Security – A comprehensive look at cybersecurity for Python developers

• cryptography – A package designed to expose cryptographic primitives and recipes to Python developers.
• 10 Common Security Gotchas in Python – 10 common security gotchas in Python and how to avoid them.
• OWASP Python Security – Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
• Django Security – Overview of Django’s security features includes advice on securing a Django-powered site.

• GuardRails – A GitHub App that gives you instant security feedback in your Pull Requests.
• Snyk – A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.

• Python Security Reporting

Found an awesome project, package, article, or another type of resources related to Python Security? Send me a pull request! Just follow the guidelines. Thank you!

say hi on Twitter