django-security alternatives

Looking for an alternative tool to replace django-security? During the review of django-security we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Bleach (HTML sanitizing library for Python, commonly used with Django)
  2. django-guardian (per object permissions for Django)
  3. Arachni (web application scanner)

These tools are ranked as the best alternatives to django-security.

Alternatives (by score)

68

Bleach

Introduction

Bleach is a Python library for sanitizing HTML. It is not specific to Django, but it is commonly used in Django projects to clean user-supplied markup. It works from an allowlist: tags and attributes that are not permitted are escaped or stripped, which disarms script injection in untrusted input such as text submitted through HTML forms. Note that the Bleach project announced its deprecation in 2023, so check its maintenance status before adopting it for new code.
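
The allowlist approach described above, shown as an added example rather than Bleach's own code: a standard-library sanitizer that keeps only permitted tags and attributes, re-escapes all text, drops the content of script and style elements, and refuses href values whose scheme is not on the allowlist. The allowlists, the URL scheme set and the sample input are assumptions made for this example, not Bleach's defaults.

```python
"""Allowlist-based HTML sanitizing in the style of Bleach (added example,
not Bleach's code). Untrusted markup goes in; only allowlisted tags and
attributes come out, with all text re-escaped.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Policy for this example (assumed; Bleach ships its own defaults).
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "ul", "ol", "li", "code"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
ALLOWED_URL_SCHEMES = {"http", "https", "mailto"}
# Tags whose text content is dropped too: keeping it would leave raw script text.
DROP_CONTENT_TAGS = {"script", "style"}


def safe_url(value):
    """Accept relative URLs and allowlisted schemes; reject javascript:, data:, etc.

    Browsers ignore tab/newline characters inside a URL, so they are removed
    before the scheme is inspected; otherwise "java\\nscript:" could slip past.
    """
    if value is None:
        return False
    cleaned = "".join(ch for ch in value.strip() if ch not in "\t\r\n")
    scheme = urlsplit(cleaned).scheme.lower()
    return scheme == "" or scheme in ALLOWED_URL_SCHEMES


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []   # allowed tags currently open, to keep output balanced
        self.skip_depth = 0   # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # strip the tag itself, keep its text content
        parts = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # drops on* handlers, style, etc.
            if name == "href" and not safe_url(value):
                continue
            parts.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(parts)}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open_tags:
            return
        # Close anything opened after this tag so the output stays well-formed.
        while self.open_tags:
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def close(self):
        super().close()
        while self.open_tags:  # unclosed tags are closed at the end
            self.out.append(f"</{self.open_tags.pop()}>")


def sanitize(untrusted_html):
    parser = Sanitizer()
    parser.feed(untrusted_html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample of what a form field might carry.
    sample = ('<p onclick="steal()">Hello <b>world</b></p>'
              '<script>alert(1)</script>'
              '<a href="javascript:alert(1)">click</a>'
              '<img src=x onerror=alert(1)>')
    print(sanitize(sample))
```

Two design choices matter here. Stripping is done on an allowlist, never a blocklist, because the set of dangerous tags and attributes grows with every browser release while the set you actually need in comments or profiles is small and fixed. And URL attributes are checked by scheme after removing the characters browsers ignore; a sanitizer that only looks for the literal string "javascript:" is bypassed by a tab in the middle of the word.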

Project details

Bleach is written in Python.

Strengths and weaknesses

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Data sanitizing

Bleach review

96

django-guardian

Introduction

The django-guardian project is typically used where Django's default, model-level permissions are not enough. For example, an application with many users and many objects may need to control who can see a particular record. This can go as far as giving access only to the creator of a record (the object) plus the users who hold a particular permission on that specific object.

Project details

django-guardian is written in Python.

Strengths and weaknesses

  • + More than 1000 GitHub stars
  • + The source code of this software is available
  • + Well-known tool

Typical usage

  • Application security

django-guardian review

74

Arachni

Introduction

Arachni is a framework written in Ruby that focuses on evaluating the security of web applications. Typical users include security professionals and system administrators.

The tooling is free and open source. Besides Linux, it also runs on macOS and Microsoft Windows.

Project details

Arachni is written in Ruby.

Strengths and weaknesses

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Penetration testing
  • Security assessment
  • Web application analysis

Arachni review

64

w3af

Introduction

w3af is an open source web application attack and audit framework that helps with scanning for vulnerabilities. The tool comes with both a graphical user interface (GUI) and a command-line utility. Some of the project files carry a copyright line from 2006, which gives an idea of the project's age; it is one of the few tools of that vintage that is still maintained.

Project details

w3af is written in Python.

Strengths and weaknesses

  • + Tool is modular and extendable
  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Application security
  • Application testing
  • Penetration testing
  • Vulnerability scanning
  • Web application analysis

w3af review

64

Yasuo

Introduction

Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications. Many remotely exploitable vulnerabilities exist in web applications and their front-end components. Yasuo makes it easier to scan for weaknesses such as remote code execution (RCE), SQL injection, and file inclusion.

Project details

Yasuo is written in Ruby.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Penetration testing
  • Vulnerability scanning
  • Web application analysis

Yasuo review

93

ZAP (Zed Attack Proxy)

Introduction

ZAP is an intercepting proxy for web traffic. You configure your browser to send requests for the web application under test through ZAP, which can then inspect, modify and replay them.

Note: Zed Attack Proxy, or ZAP, is also known as zaproxy.

Project details

ZAP is written in Java.

Strengths and weaknesses

  • + More than 50 contributors
  • + More than 2000 GitHub stars
  • + Many maintainers
  • + The source code of this software is available
  • - Many reported issues are still open

Typical usage

  • Penetration testing
  • Security assessment
  • Software testing
  • Web application analysis

ZAP review

60

seespee

Introduction

Seespee crawls a website and derives a suitable Content Security Policy (CSP) from the resources it finds loaded. The discovered value can then be set in the Content-Security-Policy response header, which tells the browser which local and external resources a page is allowed to load.
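
How a policy can be derived from a page's resources, as an added example and not seespee's code (seespee is written in JavaScript; this is a Python sketch for a single page). It parses the HTML, records the origin of every external script, stylesheet, image and frame, and emits a policy that allows exactly those origins. Inline scripts and event handlers are counted and reported instead of being allowed, because adding 'unsafe-inline' would undo most of the policy's value. The sample page and the page URL are constructed for the example.

```python
"""Derive a Content-Security-Policy from the resources one page loads
(added example in the spirit of seespee; not the project's code).
"""
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def origin_of(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


class ResourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_origin = origin_of(page_url)
        self.sources = defaultdict(set)   # directive -> CSP source expressions
        self.inline_scripts = 0
        self.inline_handlers = 0
        self._in_script_without_src = False

    def _add(self, directive, url):
        parts = urlsplit(urljoin(self.page_url, url))   # resolve relative URLs
        if parts.scheme == "data":
            self.sources[directive].add("data:")
        elif parts.scheme in ("http", "https"):
            origin = f"{parts.scheme}://{parts.netloc}"
            self.sources[directive].add("'self'" if origin == self.page_origin else origin)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script_without_src = not a.get("src")
            if a.get("src"):
                self._add("script-src", a["src"])
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split() and a.get("href"):
            self._add("style-src", a["href"])
        elif tag == "img" and a.get("src"):
            self._add("img-src", a["src"])
        elif tag == "iframe" and a.get("src"):
            self._add("frame-src", a["src"])
        # onclick= and friends would need 'unsafe-inline'; report them instead.
        self.inline_handlers += sum(1 for name, _ in attrs if name.startswith("on"))

    def handle_data(self, data):
        if self._in_script_without_src and data.strip():
            self.inline_scripts += 1

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script_without_src = False


def derive_csp(page_url, html):
    """Return (policy, findings) for one page. For a site, run this over every
    crawled page and union the sources; deploy as Content-Security-Policy-Report-Only
    first and watch the reports before enforcing."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    collector.close()
    directives = ["default-src 'none'"]   # deny everything not discovered below
    for directive in ("script-src", "style-src", "img-src", "frame-src"):
        if collector.sources[directive]:
            directives.append(f"{directive} {' '.join(sorted(collector.sources[directive]))}")
    findings = {
        "inline_scripts": collector.inline_scripts,
        "inline_event_handlers": collector.inline_handlers,
    }
    return "; ".join(directives), findings


# Constructed sample page for the demonstration.
SAMPLE_PAGE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="icon" href="/favicon.ico">
<script src="https://cdn.example.net/lib.js"></script>
<script>window.track();</script>
</head><body>
<img src="data:image/png;base64,iVBORw0KGgo=">
<img src="//images.example.org/logo.png">
<iframe src="https://player.example.com/embed/1"></iframe>
<button onclick="go()">Go</button>
</body></html>"""

if __name__ == "__main__":
    policy, findings = derive_csp("https://www.example.com/index.html", SAMPLE_PAGE)
    print("Content-Security-Policy:", policy)
    print("needs attention:", findings)
```

A crawler-derived policy is a starting point, not the end state: the inline script and the onclick handler found in the sample have to be moved into external files (or given nonces) before the policy can be enforced, and a policy that ends up with 'unsafe-inline' in script-src offers little protection against injected script.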

Project details

seespee is written in JavaScript.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Application security

seespee review

64

SQLMate

Introduction

SQLMate is a tool for security assessments and vulnerability discovery in web applications. It can discover admin panels of websites, which may offer a way into a web application. It also supports dorking: using search-engine queries to find targets that may be vulnerable to a particular attack.

Project details

SQLMate is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • Penetration testing
  • Web application analysis

SQLMate review

60

Wfuzz

Introduction

Wfuzz is a fuzzing tool written in Python. Tools like Wfuzz are typically used to test how web applications handle both expected and unexpected input, for example by substituting wordlist entries into URL paths, parameters, headers or form fields.

Project details

Wfuzz is written in Python.

Strengths and weaknesses

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Application fuzzing
  • Application security
  • Application testing
  • Web application analysis

Wfuzz review

74

WordPress Exploit Framework (WPXF)

Introduction

WordPress is still one of the most popular platforms for websites, and a variety of open source tools exist to assess the security of this content management system, its themes and its plugins. WordPress Exploit Framework (WPXF) is one of them: a Ruby framework with modules for testing and exploiting WordPress installations.

Project details

WordPress Exploit Framework is written in Ruby.

Strengths and weaknesses

  • + More than 500 GitHub stars
  • + The source code of this software is available
  • - Has longer learning curve

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning
  • Web application analysis

WordPress Exploit Framework review

85

django-axes

Introduction

This tool is for developers working with the Django framework. It adds a security layer on top of the application by tracking login attempts and, after too many failures, blocking further attempts from the offending source for a configurable period.

Project details

django-axes is written in Python.

Strengths and weaknesses

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • Application security

django-axes review

60

hsecscan (hsecscan)

Introduction

The hsecscan utility is written in Python and opens a connection (via HTTP or HTTPS) to the web server in question. It returns all headers found and includes an explanation of what each header does. Any security recommendations are listed as well.

Project details

hsecscan is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Information gathering
  • Learning
  • Penetration testing
  • Security assessment
  • Web application analysis

hsecscan review

76

django-defender (Django Defender)

Introduction

Django-defender is a reusable Django app that blocks brute-force login attempts. It keeps its counters of failed logins in Redis and locks out the offending username or IP address after a configurable number of failures.
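
The rule both django-axes and django-defender implement, written out as an added example rather than code from either project: failed logins are counted per (username, client IP) within a sliding window, and once the count reaches a threshold that pair is locked for a cooldown period. The thresholds, the choice of key and the in-memory storage are assumptions for the example (the real projects persist state in the database or Redis so it survives across processes).

```python
"""Failed-login tracking with temporary lockout (added example in the spirit
of django-axes and django-defender; not code from either project).
"""
import time
from collections import defaultdict, deque


class LoginThrottle:
    def __init__(self, max_failures=5, window=300, cooldown=900, clock=time.monotonic):
        self.max_failures = max_failures     # failures within `window` seconds...
        self.window = window
        self.cooldown = cooldown             # ...lock the key for this many seconds
        self.clock = clock                   # injectable so the behaviour is testable
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}

    @staticmethod
    def _key(username, ip):
        # Keying on the pair: per-IP alone punishes everyone behind a shared NAT,
        # per-username alone lets an attacker lock a victim out on purpose.
        return (username.strip().lower(), ip)

    def is_locked(self, username, ip):
        key = self._key(username, ip)
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:
            del self._locked_until[key]      # cooldown elapsed
            return False
        return True

    def record_failure(self, username, ip):
        """Record a failed attempt; return True if this one triggered a lockout."""
        key = self._key(username, ip)
        now = self.clock()
        attempts = self._failures[key]
        attempts.append(now)
        while attempts and now - attempts[0] > self.window:
            attempts.popleft()               # forget failures outside the window
        if len(attempts) >= self.max_failures:
            self._locked_until[key] = now + self.cooldown
            attempts.clear()
            return True
        return False

    def record_success(self, username, ip):
        self._failures.pop(self._key(username, ip), None)


def attempt_login(throttle, username, ip, password, check_password):
    """Return 'locked', 'ok' or 'denied'. A locked source is refused before the
    password is checked, so the response reveals nothing about the account."""
    if throttle.is_locked(username, ip):
        return "locked"
    if check_password(username, password):
        throttle.record_success(username, ip)
        return "ok"
    throttle.record_failure(username, ip)
    return "denied"


class FakeClock:
    """Deterministic clock for the demonstration (constructed)."""
    def __init__(self, start=1_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


if __name__ == "__main__":
    clock = FakeClock()
    throttle = LoginThrottle(max_failures=3, window=60, cooldown=120, clock=clock)
    users = {"alice": "correct horse battery staple"}   # constructed user store
    check = lambda user, pw: users.get(user) == pw
    for pw in ("a", "b", "c", "correct horse battery staple"):
        print(attempt_login(throttle, "alice", "203.0.113.7", pw, check))
    clock.advance(121)
    print(attempt_login(throttle, "alice", "203.0.113.7", "correct horse battery staple", check))
```

The two parameters worth thinking about are the key and the cooldown. A per-username lock lets anyone deny service to a known account by sending a few wrong passwords; a per-IP lock alone is both bypassable from a botnet and unfair to users behind a shared address. A fixed cooldown, rather than a permanent lock, keeps the attack expensive without creating a permanent denial of service that a help desk has to undo.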

Project details

django-defender is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • Application security

django-defender review

74

django-sudo

Introduction

For destructive actions such as removing an account, you may want to confirm both that the user really wants to continue and that it is the actual account owner at the keyboard. django-sudo does this by requesting authentication again within the web application before such an action is allowed. GitHub uses the same pattern ("sudo mode") for events like ownership changes and deletions.
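
The mechanics of such a re-authentication step, as an added example that is not django-sudo's code: the session records who re-entered their password and when, a guarded action is only allowed while that proof is fresher than a short lifetime, and the elevation is bound to the user it was granted to so it cannot be carried over to a different login in the same session. The lifetime, the decorator shape and the PBKDF2 user store are assumptions constructed for this example.

```python
"""Re-authentication before destructive actions ("sudo mode"); added example
in the spirit of django-sudo, not the project's code.
"""
import hashlib
import hmac
import os

SUDO_LIFETIME = 600   # seconds an elevation stays valid (assumed value)


class SudoRequired(Exception):
    """Raised when the caller must send the user back through re-authentication."""


class UserStore:
    """Constructed in-memory store holding salted PBKDF2 password hashes."""
    def __init__(self, passwords):
        self._records = {}
        for user, password in passwords.items():
            salt = os.urandom(16)
            self._records[user] = (salt, self._derive(password, salt))

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def verify_password(self, user, password):
        record = self._records.get(user)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(self._derive(password, salt), expected)


def reauthenticate(session, user, password, store, now):
    """Grant elevation for SUDO_LIFETIME seconds if the password is correct."""
    if not store.verify_password(user, password):
        return False
    session["sudo_user"] = user
    session["sudo_granted_at"] = now
    return True


def has_sudo(session, user, now):
    granted_at = session.get("sudo_granted_at")
    return (session.get("sudo_user") == user      # elevation follows the user, not the cookie
            and granted_at is not None
            and 0 <= now - granted_at <= SUDO_LIFETIME)


def drop_sudo(session):
    """Call on logout or password change so a stale elevation cannot be reused."""
    session.pop("sudo_user", None)
    session.pop("sudo_granted_at", None)


def sudo_required(action):
    """Decorator for actions of the kind GitHub gates: deletions, ownership changes."""
    def guarded(session, user, now, *args, **kwargs):
        if not has_sudo(session, user, now):
            raise SudoRequired(action.__name__)
        return action(session, user, now, *args, **kwargs)
    return guarded


@sudo_required
def delete_account(session, user, now, accounts):
    accounts.pop(user, None)
    return user not in accounts


if __name__ == "__main__":
    store = UserStore({"alice": "correct horse battery staple"})
    session, accounts, now = {}, {"alice": {}}, 1_000
    try:
        delete_account(session, "alice", now, accounts)
    except SudoRequired as exc:
        print("re-authentication required for", exc)
    reauthenticate(session, "alice", "correct horse battery staple", store, now)
    print("deleted:", delete_account(session, "alice", now + 60, accounts))
```

The check is time-based rather than one-shot on purpose: a user performing several administrative steps in a row is asked for the password once, as with the command-line sudo this pattern is named after, while an attacker who hijacks a session hours later still has to present the password. The elevation must also be dropped on logout and on password change, or a cookie stolen before either event keeps its power.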

Project details

django-sudo is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • Application security

django-sudo review

78

OSHP (OWASP Secure Headers Project)

Introduction

OSHP is short for OWASP Secure Headers Project. The project publishes reports on the usage of HTTP security headers, including usage statistics, developments and changes. It raises awareness of these headers and aims to improve their adoption rate.

Project details

OSHP is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Data extraction
  • Information gathering
  • Information sharing
  • Security awareness

OSHP review

64

shcheck (Security Header Check)

Introduction

This simple tool tests whether the recommended HTTP security headers are present on a web application or website. It can be used defensively during development, or offensively to find weaknesses in existing applications.
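
The kind of test hsecscan and shcheck run against a live site, as an added example that is code from neither tool: each recommended header is checked for presence and for a sane value, headers that disclose server software are flagged, and the result is reported as PASS, WARN or FAIL in the style of such tools. The header set, the thresholds and the sample response are assumptions constructed for this page so the audit runs offline; fetch_headers() shows the live variant.

```python
"""HTTP security header audit (added example in the spirit of hsecscan and
shcheck; not code from either tool).
"""
import re
from urllib.error import HTTPError
from urllib.request import Request, urlopen

HSTS_MIN_AGE = 15_552_000   # 180 days; assumed threshold for this example


def check_hsts(value):
    match = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    if not match:
        return "FAIL", "no max-age directive"
    age = int(match.group(1))
    if age < HSTS_MIN_AGE:
        return "WARN", f"max-age={age} is shorter than {HSTS_MIN_AGE}"
    subdomains = "includesubdomains" in value.lower()
    return "PASS", f"max-age={age}" + ("; includeSubDomains" if subdomains else "")


def check_csp(value):
    low = value.lower()
    if "'unsafe-inline'" in low or "'unsafe-eval'" in low:
        return "WARN", "policy allows 'unsafe-inline' or 'unsafe-eval'"
    if "default-src" not in low and "script-src" not in low:
        return "WARN", "neither default-src nor script-src is set"
    return "PASS", "restrictive policy present"


def check_nosniff(value):
    if value.strip().lower() == "nosniff":
        return "PASS", "nosniff"
    return "FAIL", f"unexpected value {value!r}"


def check_frame_options(value):
    if value.strip().upper() in ("DENY", "SAMEORIGIN"):
        return "PASS", value.strip()
    return "FAIL", f"unexpected value {value!r} (ALLOW-FROM is obsolete)"


def check_present(value):
    return "PASS", value.strip()


# header -> (why it matters, validator); names are compared case-insensitively
CHECKS = {
    "strict-transport-security": ("forces HTTPS on later visits", check_hsts),
    "content-security-policy": ("limits where scripts and other content may load from", check_csp),
    "x-content-type-options": ("stops MIME-type sniffing", check_nosniff),
    "x-frame-options": ("mitigates clickjacking", check_frame_options),
    "referrer-policy": ("limits what the Referer header leaks", check_present),
    "permissions-policy": ("restricts powerful browser features", check_present),
}
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def audit_headers(headers):
    """Return (header, status, note) per check; status is PASS, WARN or FAIL."""
    present = {name.lower(): value for name, value in headers.items()}
    results = []
    for name, (why, check) in CHECKS.items():
        if name in present:
            status, note = check(present[name])
        elif name == "x-frame-options" and "frame-ancestors" in present.get("content-security-policy", "").lower():
            status, note = "PASS", "missing, but CSP frame-ancestors covers it"
        else:
            status, note = "FAIL", f"missing ({why})"
        results.append((name, status, note))
    for name in DISCLOSURE_HEADERS:
        if name in present:
            results.append((name, "WARN", f"discloses {present[name]!r}"))
    return results


def fetch_headers(url, timeout=10):
    """Live variant: fetch the response headers of `url` (not used offline)."""
    request = Request(url, method="HEAD", headers={"User-Agent": "header-audit-example"})
    try:
        with urlopen(request, timeout=timeout) as response:
            return dict(response.headers.items())
    except HTTPError as err:          # 4xx/5xx responses still carry headers
        return dict(err.headers.items())


# Constructed sample response, typical of a default web-server install.
SAMPLE_RESPONSE = {
    "Server": "nginx/1.18.0",
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=3600",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}

if __name__ == "__main__":
    for header, status, note in audit_headers(SAMPLE_RESPONSE):
        print(f"{status:4} {header}: {note}")
```

Presence alone is a weak test, which is why each check also inspects the value: an HSTS header with a max-age of an hour, or a CSP that allows 'unsafe-inline' scripts, shows up as present in a naive scan while providing little protection. The frame-ancestors case shows the other direction, a header that is legitimately absent because a newer mechanism covers it.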

Project details

shcheck is written in Python.

Strengths and weaknesses

  • + Very low number of dependencies
  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • Application security
  • Web application analysis

shcheck review

97

Commix

Introduction

Commix is short for COMMand Injection eXploiter. It automates the detection and exploitation of command injection vulnerabilities in web applications, typically via a parameter whose value the server passes to a shell.

Project details

Commix is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Commix review

64

DorkNet

Introduction

DorkNet helps with the discovery of vulnerable web apps. It is a Python script that uses Selenium to drive a browser through search-engine queries (dorks) that surface likely targets.

Project details

DorkNet is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Security assessment
  • Vulnerability scanning
  • Web application analysis

DorkNet review

60

iniscan

Introduction

Iniscan scans a given php.ini file and tests it against security best practices. It reports the results as a Pass or Fail for each test. As it is a command-line utility, it fits into automated testing.

Project details

iniscan is written in PHP.

Strengths and weaknesses

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Configuration audit
  • Security assessment

iniscan review

60

Jackhammer

Introduction

Jackhammer is a vulnerability assessment and management platform that uses RBAC (Role Based Access Control) with different levels of access. It orchestrates several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Node.js) and also checks for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

Project details

Jackhammer is written in Ruby.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Collaboration
  • Information sharing

Jackhammer review

64

Jawfish

Introduction

Jawfish is a security tool to test web applications. It can find related exploits and update according to an internal database.

Project details

Jawfish is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning
  • Web application analysis

Jawfish review

78

JoomScan

Introduction

JoomScan can be used to test your own Joomla installation or during security assessments. Because it focuses on Joomla, it may give better results than generic vulnerability scanners.

Project details

JoomScan is written in Perl.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Vulnerability scanning
  • Vulnerability testing

JoomScan review

64

jSQL Injection

Introduction

jSQL Injection is a security tool to test web applications. It can be used to discover whether an application is vulnerable to SQL injection attacks.

Project details

jSQL Injection is written in Java.

Strengths and weaknesses

  • + The source code of this software is available
  • - Full name of author is unknown

Typical usage

  • Database security

jSQL Injection review

74

Suhosin

Introduction

Suhosin is a security extension for PHP consisting of two parts: a patch against the PHP core and an extension that is loaded at runtime. It helps protect against both known and unknown attacks.

Project details

Suhosin is written in C.

Strengths and weaknesses

  • + The source code of this software is available
  • - Well-known tool

Typical usage

  • Application security

Suhosin review

64

Susanoo

Introduction

Susanoo is a tool for testing the security of REST APIs. With that focus, it goes beyond the typical attack surface of a web application.

Project details

Susanoo is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • API testing
  • Application testing

Susanoo review

Is a relevant tool missing as an alternative to django-security? Please contact us with your suggestion.