awesome-python-security
github.com/guardrailsio/awesome-python-security
Awesome Python Security resources
What's inside
Articles, Guides & Talks
- 10 Common Security Gotchas in Python
10 common security gotchas in Python and how to avoid them.
- cryptography
A package designed to expose cryptographic primitives and recipes to Python developers.
- Django Security
Overview of Django's security features, including advice on securing a Django-powered site.
- GuardRails
A GitHub App that gives you instant security feedback in your Pull Requests.
- OWASP Python Security
Aims at creating a hardened version of python that makes it easier for developers to write applications more resilient to attacks and manipulations.
- Snyk
A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.
Static Code Analysis
- Bandit
Bandit is a tool designed to find common security issues in Python code.
- Detect Secrets
An enterprise friendly way of detecting and preventing secrets in code.
- Pyt
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications.
Vulnerabilities and Security Advisories
- Common Vulnerabilities and Exposures
Vulnerabilities that were assigned a CVE. Covers the language and packages.
- National Vulnerability Database
Python known vulnerabilities in the National Vulnerability Database.
- Safety
Safety checks your installed dependencies for known security vulnerabilities.
- snyk Vulnerability DB
Commercial but free listing of known vulnerabilities in libraries.
Web Framework Hardening
- Django deployment checklist
The Django web framework has a built-in check for security-related settings: run this command.
- Django Session CSRF
CSRF protection for Django without cookies.
- Flask-HTTPAuth
Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes.
- Flask Talisman
Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
- Secure.py
secure.py is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
Hacking Playground
- django.nV
django.nV is a purposefully vulnerable Django application provided by nVisium.
- DSVW
Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes.
- DVPWA
Damn Vulnerable Python Web Application was inspired by the well-known DVWA project and the bobby-tables xkcd comic.
- Let's Be Bad Guys
Shiny, Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities.
Penetration Testing
- EvilTwinFramework
A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities.
- sqlmap
Automatic SQL injection and database takeover tool.
Books
- Full Stack Python Security
A comprehensive look at cybersecurity for Python developers.
Multi tools
- GuardRails
A GitHub App that gives you instant security feedback in your Pull Requests.
- hawkeye
Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
- Hubble
Hubble is a modular, open-source security compliance framework.
- Salus
Multi purpose security scanning tool supporting Ruby, Node, Python and Go.