Skip to content

The Python Version of our Not Go-ing Anywhere Vulnerable Application

License

Notifications You must be signed in to change notification settings

trailofbits/not-slithering-anywhere

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Overview

Not Slithering Anywhere is the Python(3) version of our Not Go-ing Anywhere vulnerable application. It is meant to demonstrate a number of security issues commonly found in Python applications, as well as serve as the basis for static & dynamic tool testing grounds.

Getting started

  1. Setup a venv ala python3 -m venv ~/.venv/class
  2. Enter your venv ala source ~/.venv/class/bin/activate
  3. Install dependencies: pip3 install -r requirements.txt
  4. Run the class: python3 app.py

The class itself uses common libraries such as flask, SQLAlchemy, and jinja2 to explain vulnerabilities.

Expected Vulnerabilities

Server

  1. Server Misconfiguration
    1. CORS
    2. Caching
  2. Injection Related
    1. XSS (technically separate according to OWASP)
    2. SQLi
    3. Server-Side Template Inclusion (SSTI)
  3. Incorrect data validation (paths)
  4. AuthN/AuthZ failures

General Python

  1. Unix & Python Environment
  2. Keys & Sensitive Data Storage
  3. Pickles & Serialization
  4. Dependencies & Tooling

About

The Python Version of our Not Go-ing Anywhere Vulnerable Application

Resources

License

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published