
DAST Security Helpers

Project description

Sec-helpers

Collection of dynamic security related helpers (DAST).

Sec-helpers is a bundle of useful tests and validators to ensure the security of a given domain.

Usage

  1. Install the package: pip install sec-helpers (https://pypi.org/project/sec-helpers)
  2. Copy the following, change the domain, and run it to execute all the tests:
import sec_helpers

domain: str = 'vwt-digital.github.io' # {domain}.{tld}

sec_helpers.CorsPolicy(domain=domain)
sec_helpers.HighTls(domain=domain, slide=False) # Slide is False by default
sec_helpers.Hsts(domain=domain, age=10368000) # Age is 10368000 by default
sec_helpers.NoHttp(domain=domain)
sec_helpers.NoSsl(domain=domain)

Do you want all the sec-helpers ready in a container? Configure cloudbuilders-dast.

Exception

'NoSsl' requires an OpenSSL build with SSLv3 enabled; see the project's Dockerfile for such a build. It is run with
sec_helpers.NoSsl(domain='{domain}.{tld}'). Note that when the local OpenSSL cannot negotiate SSLv3 at all, the check still exits with code 0, so a passing NoSsl result only proves something when the OpenSSL in use actually supports SSLv3.

Helpers

NoHttp

Ensures that the domain is not served over plain http: a request to http://{domain} must be refused or redirect to https. It also checks that https itself is active, so a mistyped or dead domain cannot pass vacuously.

Hsts

Ensures that the Strict-Transport-Security header on the domain is present with a max-age of at least 10368000 seconds (120 days, the default age).
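As an added illustration of what the Hsts check has to get right (this is not code from the sec-helpers project), the header can be parsed per RFC 6797 and then held to the 10368000-second floor. The header strings in the usage lines are constructed; the absent header, max-age=0 and a duplicated directive are the cases that a naive "is the number big enough" check gets wrong.

```python
from typing import Dict, Optional, Tuple

MIN_MAX_AGE = 10368000  # seconds (120 days), the sec-helpers default age


def parse_hsts(header: Optional[str]) -> Optional[Dict[str, Optional[str]]]:
    """Split a Strict-Transport-Security value into {directive: value}.

    Directive names are case-insensitive and values may be quoted (RFC 6797).
    Returns None when the header is absent or empty. Raises ValueError on a
    duplicated directive, which RFC 6797 says makes the whole header invalid.
    """
    if header is None or not header.strip():
        return None
    directives: Dict[str, Optional[str]] = {}
    for raw in header.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, sep, value = raw.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError(f"duplicate directive {name!r}")
        # a flag directive such as includeSubDomains carries no value
        directives[name] = value.strip().strip('"') if sep else None
    return directives


def check_hsts(header: Optional[str], min_age: int = MIN_MAX_AGE) -> Tuple[bool, str]:
    """Return (passed, reason) for one Strict-Transport-Security header value."""
    try:
        directives = parse_hsts(header)
    except ValueError as exc:
        return False, f"invalid header: {exc}"
    if directives is None:
        return False, "no Strict-Transport-Security header"
    raw_age = directives.get("max-age")
    if raw_age is None or not raw_age.isdigit():
        # without a numeric max-age the header does not match the RFC grammar
        # and user agents ignore it entirely
        return False, "max-age missing or not a number"
    age = int(raw_age)
    if age == 0:
        return False, "max-age=0 tells browsers to forget the policy"
    if age < min_age:
        return False, f"max-age {age} is below the required {min_age}"
    extras = [d for d in ("includesubdomains", "preload") if d in directives]
    detail = f"max-age={age}" + (f" with {', '.join(extras)}" if extras else "")
    return True, detail


if __name__ == "__main__":
    # constructed sample values, not responses from any real domain
    for sample in ("max-age=31536000", 'Max-Age="63072000"; includeSubDomains; preload',
                   "max-age=0", "includeSubDomains", None):
        print(repr(sample), "->", check_hsts(sample))
```

check_hsts returns the reason alongside the verdict so a CI log states why the gate failed rather than only that it did.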

HighTls

Ensures that the TLS versions the domain accepts are in line with Mozilla's recommended configurations: TLSv1.2 and TLSv1.3 must be accepted, TLSv1 and TLSv1.1 must be refused.

NoSsl

Ensures that the domain does not accept any SSL protocol version (see the Exception note above on the OpenSSL build this needs).

CorsPolicy

Ensures that the CORS policy explicitly specifies allowed origins.

Examples

sec_helpers.HighTls({domain}.com)

-------
Protocol: TLSv1.3
Should be active: True
	Wrong configuration

-------
Protocol: TLSv1.2
Should be active: True
Connected with: TLSv1.2
Using cipher: ('{cipher_info}', 'TLSv1.2', 128)

-------
Protocol: TLSv1
Should be active: False

-------
Protocol: TLSv1.1
Should be active: False
Connected with: TLSv1.1
Using cipher: ('{cipher_info}', 'TLSv1.0', 128)
	Wrong configuration

Test on {domain}.com failed

TLSv1.3 is not active on the domain, and TLSv1.1 is: either one on its own is enough for HighTls to fail.
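The per-version probe behind an output like the one above can be written with the standard ssl module by pinning minimum_version and maximum_version to one protocol, so a completed handshake proves the server accepts exactly that version. The following is an added example, not the HighTls or NoSsl code from sec-helpers; it folds the SSLv3 case in as well and, unlike the exit code 0 behaviour described under Exception, reports a version the local OpenSSL cannot offer as a failed verdict instead of a silent pass. The host example.invalid and the probe results in the test are constructed; the SECLEVEL=0 cipher string is an assumption about the OpenSSL in use.

```python
import socket
import ssl
from typing import Callable, Dict, List, Optional, Tuple

# Map the names used in the HighTls output to the ssl module's version enum.
VERSIONS: Dict[str, ssl.TLSVersion] = {
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1": ssl.TLSVersion.TLSv1,
    "SSLv3": ssl.TLSVersion.SSLv3,
}

# Policy mirrored from the output above: 1.2 and 1.3 active, everything older refused.
EXPECTED_ACTIVE: Dict[str, bool] = {
    "TLSv1.3": True, "TLSv1.2": True, "TLSv1.1": False, "TLSv1": False, "SSLv3": False,
}

# True: handshake completed, False: server refused, None: not testable from this machine
ProbeResult = Optional[bool]


def probe_version(host: str, name: str, port: int = 443, timeout: float = 5.0) -> ProbeResult:
    """Attempt a handshake with exactly one protocol version offered."""
    version = VERSIONS[name]
    # Protocol acceptance is what we measure, so certificate validity is not checked here.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Assumption: OpenSSL 3 disables TLS < 1.2 at security level >= 1; level 0 re-enables it.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return None  # the local library cannot even be configured for this version
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() == name
    except ssl.SSLError as exc:
        # "no protocols available" comes from the local build, not from the server
        if getattr(exc, "reason", "") == "NO_PROTOCOLS_AVAILABLE":
            return None
        return False
    except OSError:
        return False


def evaluate(results: Dict[str, ProbeResult],
             expected: Dict[str, bool] = EXPECTED_ACTIVE) -> Tuple[bool, List[str]]:
    """Compare probe results with the policy; an untestable version fails loudly."""
    findings: List[str] = []
    for name, should_be_active in expected.items():
        got = results.get(name)
        if got is None:
            findings.append(f"{name}: could not be tested with the local OpenSSL (no verdict)")
        elif got != should_be_active:
            state = "accepted" if got else "refused"
            want = "active" if should_be_active else "inactive"
            findings.append(f"{name}: {state}, should be {want}")
    return (not findings), findings


def check_high_tls(host: str, probe: Callable[[str, str], ProbeResult] = probe_version,
                   expected: Dict[str, bool] = EXPECTED_ACTIVE) -> Tuple[bool, List[str]]:
    """Probe every version in the policy and return (passed, findings)."""
    return evaluate({name: probe(host, name) for name in expected}, expected)


if __name__ == "__main__":
    ok, findings = check_high_tls("example.invalid")  # constructed host, will not resolve
    print("passed" if ok else "failed", findings)
```

The probe is injectable so the policy logic can be exercised offline; in CI, run it against the real domain and treat "no verdict" as a red flag about the runner image, which is exactly the situation the Exception section warns about for NoSsl.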


sec_helpers.NoHttp({domain}.com)

Starting GET request to http://{domain}.com
GET request to http://{domain}.com returned status 302
Starting GET request to https://{domain}.com
GET request to https://{domain}.com returned status 200
Successful http status check: http is disabled or redirects to https

The http request returned a 302 Found redirect and https returned 200, so NoHttp passed.
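The decision NoHttp makes from those two requests can be written as a small evaluator that also covers the cases the description above cares about: a refused http connection only counts when https answers, and a redirect only counts when it actually lands on https. This is an added example and not the project's NoHttp code; the statuses and Location values in the test are constructed, and treating an off-domain https target as informational rather than a failure is this example's assumption.

```python
from typing import List, Optional, Tuple
from urllib.parse import urlsplit


def evaluate_no_http(domain: str, http_status: Optional[int], http_location: Optional[str],
                     https_status: Optional[int]) -> Tuple[bool, List[str]]:
    """Decide NoHttp from GET http://domain and GET https://domain.

    A status of None means the connection was refused or timed out.
    Returns (passed, notes).
    """
    notes: List[str] = []
    # https must answer 2xx first; otherwise a dead or mistyped domain would pass vacuously
    if https_status is None or not 200 <= https_status < 300:
        notes.append(f"https://{domain} did not return 2xx ({https_status}); http result not trusted")
        return False, notes
    if http_status is None:
        notes.append("http is disabled (no connection)")
        return True, notes
    if 200 <= http_status < 300:
        notes.append(f"http served content with status {http_status}")
        return False, notes
    if not 300 <= http_status < 400:
        notes.append(f"http returned {http_status}, neither a redirect nor refused")
        return False, notes
    if not http_location:
        notes.append(f"http returned {http_status} without a Location header")
        return False, notes
    target = urlsplit(http_location)
    if target.scheme.lower() != "https":
        # a redirect that stays on http (or is scheme-relative) leaves the user in cleartext
        notes.append(f"redirect target {http_location!r} is not https")
        return False, notes
    host = (target.hostname or "").lower()
    if host != domain.lower():
        # assumption: landing on another host over https is worth a note, not a failure
        notes.append(f"redirect leaves the domain: {host}")
    notes.append(f"http {http_status} redirects to {http_location}; https returned {https_status}")
    return True, notes


if __name__ == "__main__":
    # constructed responses, matching the sample output above
    print(evaluate_no_http("example.com", 302, "https://example.com/", 200))
```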


sec_helpers.Hsts({domain}.com)

Starting GET request to http://{domain}.com
Strict-Transport-Security header on https://{domain}.com returned max-age=31536000
Successful HSTS status check

Strict-Transport-Security header found with max-age 31536000, above the 10368000 default, so Hsts passed.


sec_helpers.CorsPolicy({domain}.com)

Failing policy test: No Allowed Origins Specified

No allowed origins were specified, so CorsPolicy failed.

Download files


Source Distribution

sec-helpers-0.3.3.tar.gz (5.2 kB)

Built Distribution

sec_helpers-0.3.3-py3-none-any.whl (19.4 kB)

File details

Details for the file sec-helpers-0.3.3.tar.gz.

File metadata

  • Download URL: sec-helpers-0.3.3.tar.gz
  • Size: 5.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.7.0 requests/2.25.1 setuptools/50.3.2 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.5.2

File hashes

Hashes for sec-helpers-0.3.3.tar.gz
Algorithm Hash digest
SHA256 9d35c99a8639193cfb188feab4adf4a7c4198643c5b5e503c7606b2fa16a47b2
MD5 f12eefd152bc10d2bbf94aa988b3ca51
BLAKE2b-256 c74a5ccd13c897e3045820811c373399f1d2dd76a7f492cad98b4c3d67954fd5


File details

Details for the file sec_helpers-0.3.3-py3-none-any.whl.

File metadata

  • Download URL: sec_helpers-0.3.3-py3-none-any.whl
  • Size: 19.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.7.0 requests/2.25.1 setuptools/50.3.2 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.5.2

File hashes

Hashes for sec_helpers-0.3.3-py3-none-any.whl
Algorithm Hash digest
SHA256 9c4798c4aae7501aeb2593d1493745e3a3ffed4b2ebf8f3ba60f25f975821991
MD5 2b465f1457379bf1bab5c48c2fdec5c4
BLAKE2b-256 a89e5c3033b39e45d5078818e250af61508f8ed6e9aa4a74e7a4a8a2a3d1ce98

