cyspad/django-insecure

14 Commits

Simple Django application with a number of built-in security vulnerabilities

Corresponding article with examples and explanation: Stay paranoid and trust no one. Overview of common security vulnerabilities in web applications

Some of them are detected by bandit, a static analyser for Python. Expect it to flag the patterns it has signatures for (the pickle import, shell=True in subprocess calls, SQL assembled by string formatting, mark_safe on user input), not every vulnerability in the project.

Run it like this:

bandit -r ./insecure/security

To start the server:

python manage.py runserver

Contains examples of the following threats:

  • SQL injection

  • Command injection

  • Insecure deserialization (unsafe use of Python pickle)

  • Cross-site scripting (XSS)

  • Server Side Template Injection (SSTI)
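
To make the list concrete, here is an added example (not code from the cyspad/django-insecure repository or from the linked article) showing four of the listed threats as a vulnerable function beside its hardened counterpart. It uses only the Python standard library (sqlite3, subprocess, pickle, html) rather than Django so it runs stand-alone: the users table, the Payload class and the side_effect function are constructed for the demo, echo stands in for the real command a view would run, and SSTI is left out because demonstrating it needs a template engine.

```python
"""Four of the threats listed above, each as a vulnerable function beside its
hardened counterpart. Standard library only, so it runs without Django."""
import html
import io
import pickle
import sqlite3
import subprocess

# --- SQL injection ---------------------------------------------------------
def make_db():
    """Constructed in-memory table standing in for a Django model's table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn

def find_user_vulnerable(conn, name):
    # The untrusted value is spliced into the statement text, so quotes and
    # operators inside it change the query (the same flaw as cursor.execute(
    # f"...") or Model.objects.raw() with a formatted string).
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()

def find_user_fixed(conn, name):
    # Bound parameters travel separately from the statement; the driver never
    # parses the value as SQL.
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

# --- Command injection -----------------------------------------------------
# `echo` stands in for the real command (e.g. ping) so the demo runs offline.
def run_vulnerable(host):
    # shell=True hands the whole string to /bin/sh, which honours ';', '|', '$(...)'.
    return subprocess.run(f"echo pinging {host}", shell=True,
                          capture_output=True, text=True).stdout

def run_fixed(host):
    # argv list and no shell: the value is one argument, whatever it contains.
    return subprocess.run(["echo", "pinging", host],
                          capture_output=True, text=True).stdout

# --- Insecure deserialization (pickle) -------------------------------------
EXECUTED = []

def side_effect(marker):
    """Stands in for os.system(...): records that code ran during loads()."""
    EXECUTED.append(marker)
    return marker

class Payload:
    """Constructed attacker object: pickle serialises the __reduce__ callable
    and its arguments, and pickle.loads() calls it on the way back in."""
    def __reduce__(self):
        return (side_effect, ("ran during unpickling",))

def attack_pickle_bytes():
    return pickle.dumps(Payload())

def benign_pickle_bytes():
    return pickle.dumps({"user": "alice", "roles": ["viewer"]})

def loads_vulnerable(data):
    # Plain pickle.loads() on untrusted bytes is equivalent to eval().
    return pickle.loads(data)

class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list of globals the stream may reference (pattern from the
    Python docs). Anything else, including side_effect above, is refused."""
    ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "str"),
               ("builtins", "int"), ("builtins", "set")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def loads_fixed(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def restricted_load_rejects(data):
    """True if the allow-listed loader refuses the stream."""
    try:
        loads_fixed(data)
        return False
    except pickle.UnpicklingError:
        return True

# --- Cross-site scripting --------------------------------------------------
def greeting_vulnerable(name):
    # Raw interpolation into HTML (what mark_safe() / |safe do to user input).
    return f"<p>Hello, {name}!</p>"

def greeting_fixed(name):
    # Escape at output time; Django's autoescaping templates do this for you.
    return f"<p>Hello, {html.escape(name)}!</p>"

if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, "x' OR '1'='1"), find_user_fixed(db, "x' OR '1'='1"))
    print(run_vulnerable("localhost; echo INJECTED"), run_fixed("localhost; echo INJECTED"))
    print(loads_vulnerable(attack_pickle_bytes()), restricted_load_rejects(attack_pickle_bytes()))
    print(greeting_fixed("<script>alert(1)</script>"))
```

Running it shows the injected `OR '1'='1'` returning both users from the vulnerable query and nothing from the bound one, the `; echo INJECTED` suffix producing a second line only under shell=True, the pickle payload executing side_effect in the plain loader and being refused by the allow-listed one, and the script tag coming back entity-encoded. A pickle allow-list is a last resort for streams you cannot avoid; JSON for untrusted data is the simpler fix.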


Languages

  • Python 100.0%