Enhanced OWASP Top Ten Compliance Checker Library
Enhanced OWASP Top Ten Compliance Checker Library (owasp_checker_v2)
This Python library provides an advanced tool for automating the detection of web application, API, and dependency vulnerabilities based on the OWASP Top Ten. It integrates additional OWASP guidelines, modular scanning options, threat intelligence, and prioritization mechanisms.
Features
- Modular OWASP Top Ten Vulnerability Scanner
- NVD API Integration for Dependency Vulnerability Checking
- Real-Time Threat Intelligence Integration
- Risk-Based Vulnerability Prioritization
- OWASP Guidelines Scraper for Real-Time Updates
- Security Headers and Configuration Checker
- Injection Attack Simulation Module
- Remediation Suggestions and Reporting
- CI/CD Integration for Automated Security Checks
Installation
You can install the owasp_checker_v2 library using pip:
pip install owasp_checker_v2
Usage
Command Line Interface
You can use the owasp_checker_v2 library from the command line:
owasp_checker <url_to_scan> [--dependency-file <path_to_file>] [--dependency-file-type <file_type>] [--zap-proxy <proxy_address>] [--nvd-api-key <api_key>] [--vt-api-key <api_key>]
Python API
You can also use the library in your Python code:
from owasp_checker_v2 import OWASPChecker

# Create the checker
checker = OWASPChecker()

# Scan the target URL and check the dependency file (file type: 'requirements')
results = checker.run_full_check('http://example.com', 'requirements.txt', 'requirements')

# List each finding with its risk score
print("Vulnerabilities:")
for vuln in results['vulnerabilities']:
    print(f"- {vuln['name']} (Risk Score: {vuln['risk_score']})")

# Print the OWASP guidelines, grouped by guideline type
print("\nOWASP Guidelines:")
for guideline_type, guidelines in results['guidelines'].items():
    print(f"\n{guideline_type}:")
    for key, value in guidelines.items():
        print(f"- {key}: {value}")
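For the CI/CD use listed under Features, a build gate can be driven by the result dictionary shown above. The following is an added example, not code from the project: the gate function, the threshold, and the sample data are hypothetical, and it assumes risk_score is numeric with higher values meaning higher risk.

```python
# Added example: CI gate over a result dict shaped like the one printed above.
# Assumptions (not confirmed by the project): risk_score is numeric and a
# higher value means higher risk; the threshold is a local policy choice.
import sys


def gate(results, fail_at=7.0):
    """Return (exit_code, blocking, unscored) for a results dict.

    blocking: (score, name) pairs with risk_score >= fail_at, highest first.
    unscored: names of findings without a usable numeric score; these also
    fail the gate, so a malformed entry cannot pass silently.
    """
    blocking, unscored = [], []
    for vuln in results.get("vulnerabilities", []):
        name = vuln.get("name", "<unnamed>")
        score = vuln.get("risk_score")
        # bool is a subclass of int; NaN compares unequal to itself.
        if (isinstance(score, bool) or not isinstance(score, (int, float))
                or score != score):
            unscored.append(name)
        elif score >= fail_at:
            blocking.append((score, name))
    blocking.sort(key=lambda item: item[0], reverse=True)
    exit_code = 1 if (blocking or unscored) else 0
    return exit_code, blocking, unscored


# Constructed sample data; names and scores are illustrative only.
SAMPLE_RESULTS = {
    "vulnerabilities": [
        {"name": "Missing Content-Security-Policy header", "risk_score": 4.0},
        {"name": "Outdated dependency with known CVE", "risk_score": 8.5},
        {"name": "Possible SQL injection", "risk_score": 9.1},
        {"name": "Unparsed finding", "risk_score": None},
    ],
    "guidelines": {},
}

if __name__ == "__main__":
    code, blocking, unscored = gate(SAMPLE_RESULTS)
    for score, name in blocking:
        print(f"BLOCK {score:>4}: {name}")
    for name in unscored:
        print(f"BLOCK  n/a: {name} (no numeric risk score)")
    sys.exit(code)  # non-zero exit fails the pipeline step
```

In a pipeline, SAMPLE_RESULTS would be replaced by the dictionary returned from run_full_check.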
Documentation
For more detailed information on how to use the library, please refer to the User Guide.
Changelog
We maintain a changelog to keep track of all notable changes to this project. You can find it in the CHANGELOG.md file.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request. Make sure to read the Contributing Guidelines first.
Code of Conduct
This project adheres to a Code of Conduct. By participating, you are expected to uphold this code.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- OWASP for their invaluable work in web application security
- The open-source community for their continuous support and contributions
File details
Details for the file owasp_checker_v2-1.0.0.tar.gz.
File metadata
- Download URL: owasp_checker_v2-1.0.0.tar.gz
- Upload date:
- Size: 39.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.3
File hashes
Algorithm | Hash digest
---|---
SHA256 | 88087890e77ef2899df7ef7c23ed34456a194914862365a3ff245f6c67e2de52
MD5 | 70f5e361aa4dfa1991c1237b4dcc4d90
BLAKE2b-256 | bf133b93c6abcaa26cd4a344bdec8863119dc5806a9201256066042f3dac6788
File details
Details for the file owasp_checker_v2-1.0.0-py3-none-any.whl.
File metadata
- Download URL: owasp_checker_v2-1.0.0-py3-none-any.whl
- Upload date:
- Size: 20.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.3
File hashes
Algorithm | Hash digest
---|---
SHA256 | 24db4d3d95c0f0b7d48ec7f34e60276a3451ce40298197e8ff00a61fe3811d09
MD5 | 4c54daf1716833e7d51a468216475ce5
BLAKE2b-256 | b817b9a34bdca114e980e31ddede0bb93cf934adda58abcd070b962efa1da9b5