OWASP Python Security

Main

![_lab_big.jpg](_lab_big.jpg "_lab_big.jpg")

Python Security is a free, open source, OWASP project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.

The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles:

Introduction

Python Security is a free, open source, OWASP project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.

The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles:

Security in python: white-box analysis, structural and functional analysis Security of python: black-box analysis, identify and address security-related issues Security with python: develop security hardened python suitable for high-risk and high-security environments

Licensing

License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project) This license is a community friendly license as recommended by OWASP. You can read more here:

What is the Python Security Project?

This is a list of security related research on python core modules by other researchers.

Project Founder

Project Leaders

</td>

Quick Download

    • OWASP Python Security Flyer
    • OWASP Python Security Flyer
    • </ul> </ul>

      Code Repository

      Code Repository

      </td> </tr> </tr> </tbody> </tbody> </table> </table> # Road Map and Getting Involved # Road Map and Getting Involved Please join the project's mailing lists to keep up-to-date with what's Please join the project's mailing lists to keep up-to-date with what's going on, and to contribute your ideas, feedback, and experience: going on, and to contribute your ideas, feedback, and experience: - [General - [General project](https://lists.owasp.org/mailman/listinfo/owasp_python_security_project) project](https://lists.owasp.org/mailman/listinfo/owasp_python_security_project) ## Current activities ## Current activities ### Technical Roadmap ### Technical Roadmap - [Technical Roadmap or TODO on - [Technical Roadmap or TODO on github](https://github.com/ebranca/owasp-pysec/blob/master/doc/ROADMAP.txt) github](https://github.com/ebranca/owasp-pysec/blob/master/doc/ROADMAP.txt) ### General Roadmap ### General Roadmap \- Set up website with wiki \- Set up website with wiki \- Configure mailing list \- Configure mailing list \- Configure github account and create code structure \- Configure github account and create code structure \- Create Project presentation and pamphlet \- Create Project presentation and pamphlet \- Publish initial batch of documents on python security issues and \- Publish initial batch of documents on python security issues and possible mitigations with code examples possible mitigations with code examples \- Create python secure coding area \- Create python secure coding area \- Introduce project to OWASP Chapters \- Introduce project to OWASP Chapters \- Publish initial version of python secure coding manual \- Publish initial version of python secure coding manual \- Publish hardened version of python coded for security purposes \- Publish hardened version of python coded for security purposes \- Document usage of code security policies and call whitelisting \- Document usage of code security policies and call whitelisting \- Document usage of message deduplication and data storage in hash \- Document usage of message deduplication and data storage in hash rings rings \- Document usage of ESAPI-extended security checks, including but not \- Document usage of ESAPI-extended security checks, including but not limited to controls applied to python internal calls, strings, limited to controls applied to python internal calls, strings, processes, permissions, and low level kernel calls processes, permissions, and low level kernel calls \- Create initial documentation of base libraries and modules \- Create initial documentation of base libraries and modules \- Release library to customizec and integrate OpenSSL and cURL \- Release library to customizec and integrate OpenSSL and cURL \- Release utility for SSL analysis of HTTPS communication over SSL \- Release utility for SSL analysis of HTTPS communication over SSL \- Release utility for SSL analysis of FTPS/FTPES communication over SSL \- Release utility for SSL analysis of FTPS/FTPES communication over SSL \- Release utility for analysis of POPS/IMAPS/SMTPS connections over SSL \- Release utility for analysis of POPS/IMAPS/SMTPS connections over SSL \- Release of utility for archival of SSL certificates and CRLs \- Release of utility for archival of SSL certificates and CRLs \- Release utility for PE extraction and hash generation from web files \- Release utility for PE extraction and hash generation from web files # Project Approach # Project Approach }} }} __NOTOC__ __NOTOC__ [AppSensor Project](Category:OWASP_Project "wikilink") [Category:OWASP [AppSensor Project](Category:OWASP_Project "wikilink") [Category:OWASP Project](Category:OWASP_Project "wikilink") Project](Category:OWASP_Project "wikilink") [Category:OWASP_Builders](Category:OWASP_Builders "wikilink") [Category:OWASP_Builders](Category:OWASP_Builders "wikilink") [Category:OWASP_Defenders](Category:OWASP_Defenders "wikilink") [Category:OWASP_Defenders](Category:OWASP_Defenders "wikilink") [Category:OWASP_Document](Category:OWASP_Document "wikilink") [Category:OWASP_Document](Category:OWASP_Document "wikilink") [Category:OWASP_Download](Category:OWASP_Download "wikilink") [Category:OWASP_Download](Category:OWASP_Download "wikilink") [Category:SAMM-EH-3](Category:SAMM-EH-3 "wikilink") [Category:SAMM-EH-3](Category:SAMM-EH-3 "wikilink") [Category:SAMM-SA-2](Category:SAMM-SA-2 "wikilink") [Category:SAMM-SA-2](Category:SAMM-SA-2 "wikilink")

Example

Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.