OWASP Python Security Project

Python Security is a free, open source, OWASP project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.

The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles:

This project source code is licensed under the Apache 2.0 license, which has no restriction except for attribution, and allows proprietary modifications and proprietary forks of this project. The project documentation is licensed under the Creative Commons license. You can use or modify PySec however you want, even include it in commercial products.


About Project

Security in python

White-box analysis, structural and functional analysis of python applications and open source code.

We focused our efforts on:

Security of python

Black-box analysis, identify and address security-related issues that can affect the interpreter.

We focused our efforts on:


Software Development in GitHub

Clone or fork owasp-pysec from GitHub

git clone https://github.com/ebranca/owasp-pysec.git

Software Prerequisites

Install

git clone https://github.com/ebranca/owasp-pysec.git
cd owasp-pysec/
python2.7 setup.py install

Software License

Apache 2.0 License


Software Roadmap

Full details on the project roadmap can be found in the package documentation.
To read the text file on GitHub, follow this link: ROADMAP.txt

Internal Data Network Utility
Layer 0
  • OS-like
  • sys-like
  • Memory-space
  • Queue
  • OS-privileges
  • OS-permissions
  • Process-fork
  • Process-spawn
  • Process-clone
  • Stat-umask
  • Sysvar
  • Endian
  • Variables
  • Error
  • String
  • Binary
  • logging
  • Py-call-table
Layer 1
  • File-simple
  • File-special
  • Memory-limits
  • Memory-secheap
  • Traceback
  • Process
  • Directory
  • Unicode-patterns
  • Data-entropy
  • IP-address
  • Socket
  • Module-loader
  • Number
  • Regex
  • File-magic
  • String-whitelist
  • String-blacklist
  • Binary-whitelist
  • Binary-blacklist
  • Sys-entropy
Layer 2
  • Sequence
  • Process-sync
  • Process-async
  • Socket-ops
  • Tester
  • zlib
  • zip
  • Tar-gnu
  • GZip
  • Random-num-gen
  • Unicode
  • IP-address-ops
  • Config
  • Math
  • Crypto-hash
  • Random-hash
  • Memory-obj-checksum
Layer 3
  • Process-exec
  • Process-multi-sync
  • Process-multi-async
  • MIME
  • String-patterns
  • Binary-patterns
  • JSON
  • YAML
  • CSV
  • On-disk-dicts
  • On-disk-lists
  • SSL-ASN1
  • SSL-ciphers
  • Network-core
  • Net-errcode
  • DNS
  • File-entropy
  • Fuzzy-hash
  • Random-test
Layer 4
  • Proc-multi-sync-mng
  • Proc-multi-async-mng
  • KyotoCabinet
  • FTP
  • POP3
  • SMTP
  • IMAP4
  • HTTP
  • cURL-like
  • WhoIs
  • Secpy-ssl
  • SSH-patterns
  • Protocol-headers
  • Useragent-pattern
  • Image-pattern
  • Image-parser
  • Exif
  • MS-OLE
  • MS-PE
  • CryptoKey
  • String-attack
  • Useragent
  • Web-cookie
Layer 5
  • Image-jpeg
  • Image-gif
  • Image-bmp
  • Image-png
  • Image-tiff
  • POP3-server
  • SMTP-server
  • FTP-server
  • SSH
  • FTPES
  • POP3S
  • SMTPS
  • IMAP4S
  • HTTPS
  • SSL-cURL
  • HTTP-server
  • IMAP4-server
  • DNSsec
  • DNS-cache
  • Virus-rules
  • Authenticode
Layer 6
  • DNS-proxy
  • FTP-protocol-analyzer
  • POP3-protocol-analyzer
  • SMTP-protocol-analyzer
  • IMAP-protocol-analyzer
  • HTTP-protocol-analyzer
  • DNS-analyzer
  • jpeg-analyzer
  • gif-analyzer
  • SSL-analyzer
  • SSH-analyzer
  • Socket-gif-hack
  • PCI-DSS-analyzer
  • Modules Repository
  • Hash-PyPI-modules
  • Image-entropy

External Python Resources