OWASP Python Security Project

Python Security is a free, open-source OWASP project that aims to create a hardened version of Python, making it easier for security professionals and developers to write applications that are more resilient to attacks and manipulation.

The project is designed to explore how web applications can be developed in Python by approaching the problem from three different angles:

The project's source code is licensed under the Apache 2.0 license, which imposes no restriction other than attribution and allows proprietary modifications and proprietary forks of this project. The project documentation is licensed under the Creative Commons license. You can use or modify PySec however you want, including in commercial products.

About Project

Security in Python

White-box analysis: structural and functional analysis of Python applications and open-source code.

We focused our efforts on:

Security of Python

Black-box analysis: identifying and addressing security-related issues that can affect the interpreter.

We focused our efforts on:

Software Roadmap

Done | Work in progress | To do

  1. Create code structure
  2. os-like library
  3. sys-like library
  4. New logging library
  5. Library for file operations
  6. Library for memory limits
  7. Module loader with improved controls
  8. On-disk dictionaries
  9. Connect new logging with all core libraries
  10. String overflow tester
  11. New queue library
  12. New regex library
  13. New traceback library
  14. Library for IP address translations
  15. Export of all options to a config file
  16. Library for parsing the configuration file
  17. FTP client library with basic operations
  18. Basic FTP server library
  19. FTP protocol analyzer
  20. POP3 client library with basic operations
  21. Basic POP3 server library
  22. POP3 protocol analyzer
  23. SMTP client library with basic operations
  24. Basic SMTP server library
  25. SMTP protocol analyzer
  26. IMAP4 client library with basic operations
  27. Basic IMAP4 server library
  28. IMAP4 protocol analyzer
  29. Hardened Socket library
  30. Socket overflow tester
  31. HTTP library with basic operations
  32. curl-like HTTP library
  33. HTTP protocol analyzer
  34. Hardened DNS client library
  35. Hardened WHOIS client library
  36. Library for OS privileges
  37. Library for OS permissions
  38. Library to create processes
  39. Library to implement fork
  40. Library to implement spawn
  41. Library to implement clone
  42. Library to manage single processes
  43. Library to execute system processes
  44. Library to create multiple sync processes
  45. Library to manage multiple sync processes
  46. Library to create multiple async processes
  47. Library to manage multiple async processes
  48. Whitelist and blacklist to filter data flow
  49. Whitelist and blacklist to filter code flow
  50. Port of OpenSSL to Python
  51. Library with SSL/TLS protocol ciphers
  52. Library with SSL/TLS blacklists
  53. Library with SSL/TLS feature decoders
  54. Remote HTTP active SSL/TLS analyzer
  55. Remote HTTP active PCI-DSSv2/3/4 analyzer

Software Development in GitHub

Clone or fork owasp-pysec from GitHub

git clone https://github.com/ebranca/owasp-pysec.git

Software Prerequisites

Software License

Apache 2.0 License

External Python Resources