Comprehensive Python Security Guide
Comprehensive Python Security Guide A practitioner’s defensive reference for securing Python applications — dangerous APIs, deserialization pitfalls, framework-specific risks, supply chain attacks, LLM-era CVEs, static analysis tooling, and hardening patterns. Compiled from 81 research sources. Table of Contents Fundamentals Dangerous Built-in APIs Insecure Deserialization Command & Code Injection SSRF & URL Parsing in Python Path Traversal, Tarfile, Zipfile Cryptography & Randomness Flask Security Django Security FastAPI & Other Frameworks Jinja2 & Server-Side Template Injection Package Supply Chain Attacks LLM / AI Framework CVEs ML Model Deserialization Attacks Notable Python CVEs (Stdlib) Static Analysis & SAST Secure Coding Patterns Hardening Checklist Tool Reference Detection Quick Reference 1. Fundamentals Python’s dynamism is both its selling point and its largest security footgun. Classes can be instantiated from strings, modules can be imported at runtime, objects can rewrite their own deserialization hooks, and the default serializer is Turing-complete. A defender cannot rely on the language to fail safe — every dangerous capability is a first-class primitive. ...