File tree 1 file changed +14
-0
lines changed
1 file changed +14
-0
lines changed Original file line number Diff line number Diff line change @@ -73,6 +73,8 @@ https://xianzhi.aliyun.com/forum/read/274.html
7373
7474[ Dangerous Python Functions, Part 3] ( https://www.kevinlondon.com/2017/01/30/dangerous-python-functions-pt3.html )
7575
76+ [ 记一下PythonWeb代码审计应该注意的地方] ( http://blog.neargle.com/2016/07/25/log-of-simple-code-review-about-python-base-webapp/ )
77+
7678[ 廖新喜大佬的python代码审计工具] ( https://github.com/shengqi158/pyvulhunter )
7779
7880[ 来自openstack安全团队的python代码静态审计工具] ( https://github.com/openstack/bandit )
@@ -135,6 +137,16 @@ https://www.pytosquatting.org/
135137
136138
137139
140+ ### XSS
141+
142+ [ Flask Debugger页面上的通用XSS漏洞分析和挖掘过程记录] ( http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/ )
143+
144+
145+
146+ SQLI
147+
148+ [ 讨论PythonWeb开发中可能会遇到的安全问题之SQL注入] ( http://blog.neargle.com/2016/07/22/pythonweb-framework-dev-vulnerable/ )
149+
138150### 其他
139151
140152[ 如何判断目标站点是否为Django开发] ( https://www.leavesongs.com/PENETRATION/detect-django.html )
@@ -151,6 +163,8 @@ https://www.pytosquatting.org/
151163
152164[ Programming Secure Web Applications in Python] ( https://www.thoughtco.com/programming-secure-web-applications-2813531 )
153165
166+ [ Advisory: HTTP Header Injection in Python urllib] ( http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html )
167+
154168
155169
156170### 安全工具
You can’t perform that action at this time.
0 commit comments