Python security tools

Tools

Bandit (Python static code analyzer)

code analysis

Bandit is a static analysis tool that can be used during development or afterward. Developers typically run it to find common security issues in Python code before that code reaches production. Another use case is analyzing existing projects to find possible flaws.

PyT (static code analyzer for Python)

code analysis

Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.

Safety (vulnerability scanner for software dependencies)

penetration testing, security assessment, security monitoring, vulnerability scanning

Not every application deployed in your environment is installed via a package manager. As your infrastructure grows, it becomes harder to know which components are properly patched and which are not. For Python applications, this is where Safety comes in: it scans software components installed via pip, including their installed dependencies, and reports known vulnerabilities.

Yosai (security framework for Python applications)

application security, audit logging, identity and access management

Yosai is a security framework for Python applications that adds authentication, authorization, and session management capabilities. Features include Role-Based Access Control (RBAC), two-factor authentication, and Time-based One-Time Passwords (TOTP). Besides its focus on authentication and authorization, Yosai provides an audit trail of all relevant events.

Since every framework adds some overhead, Yosai aims to reduce it by leveraging caching and serialization where possible.
