The Python Version of our Not Go-ing Anywhere Vulnerable Application

Hinge/not-slithering-anywhere

Overview

Not Slithering Anywhere is the Python(3) version of our Not Go-ing Anywhere vulnerable application. It is meant to demonstrate a number of security issues commonly found in Python applications, as well as serve as the basis for static & dynamic tool testing grounds.

Getting started

  1. Set up a venv, e.g. python3 -m venv ~/.venv/class
  2. Enter your venv, e.g. source ~/.venv/class/bin/activate
  3. Install dependencies: pip3 install -r requirements.txt
  4. Run the class: python3 app.py

The class itself uses common libraries such as flask, SQLAlchemy, and jinja2 to explain vulnerabilities.

Expected Vulnerabilities

Server

  1. Server Misconfiguration
    1. CORS
    2. Caching
  2. Injection Related
    1. XSS (technically separate according to OWASP)
    2. SQLi
    3. Server-Side Template Inclusion (SSTI)
  3. Incorrect data validation (paths)
  4. AuthN/AuthZ failures
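As an added illustration of two items in the list above (SQLi under "Injection Related", and "Incorrect data validation (paths)"), the following is example code written for this page, not code from the not-slithering-anywhere project. It shows each vulnerable pattern next to its fix and uses only the standard library (sqlite3 instead of SQLAlchemy, no Flask), so it runs on its own. The user table, its rows and the /srv/static directory are constructed sample values.

```python
import os
import sqlite3

# Added example, not project code: SQL injection and path validation,
# each as the vulnerable pattern beside the hardened one.


def build_db():
    """Constructed sample data standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """Splices caller input into the SQL text: a quote inside `username`
    changes the structure of the query instead of being matched as data."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Binds the input as a parameter, so it is only ever compared as data."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def resolve_within(base_dir, requested):
    """Return the resolved path of `requested` if it stays under `base_dir`,
    otherwise None.

    os.path.join alone is not a check: an absolute `requested` replaces
    `base_dir`, and '..' segments walk out of it. Resolving the joined path
    and comparing with os.path.commonpath (not str.startswith, which would
    accept '/srv/static2' as inside '/srv/static') closes both holes.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def is_within(base_dir, requested):
    """Boolean form of resolve_within for use in request handlers."""
    return resolve_within(base_dir, requested) is not None


def read_static_file(base_dir, requested):
    """Serve a file only after the path check passes."""
    target = resolve_within(base_dir, requested)
    if target is None:
        raise PermissionError("requested path is outside the static directory")
    with open(target, "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    db = build_db()
    print(lookup_user_vulnerable(db, "alice"))
    print(lookup_user_vulnerable(db, "x' OR '1'='1"))   # query structure altered: every row
    print(lookup_user_safe(db, "x' OR '1'='1"))          # compared as data: no match
    print(is_within("/srv/static", "css/site.css"))      # inside the base directory
    print(is_within("/srv/static", "../../etc/passwd"))  # rejected
```

The same comparison applies unchanged to SQLAlchemy: text() with bound parameters or the ORM query API corresponds to lookup_user_safe, while formatting user input into a raw SQL string corresponds to lookup_user_vulnerable.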

General Python

  1. Unix & Python Environment
  2. Keys & Sensitive Data Storage
  3. Pickles & Serialization
  4. Dependencies & Tooling
