Welcome to our repository! This repository contains a collection of Python projects and JSON files designed to test and analyze security vulnerabilities using the Bandit static analysis tool. It serves as a comprehensive resource for exploring common vulnerabilities and evaluating Bandit's detection capabilities.
- A variety of Python scripts showcasing intentional vulnerabilities, such as:
- Hardcoded secrets
- SQL injection
- Command injection
- Insecure deserialization
- Use of weak cryptographic algorithms
- Cross-Site Scripting (XSS)
- Server-Side Request Forgery (SSRF)
- Bandit output stored in JSON format designed for additional testing and analysis.
-
Clone the Repository
git clone https://github.com/viveksabbani/CAP6614_Final_Project.git cd CAP6614_Final_Project -
Run Bandit Analysis Use Bandit to scan the Python files in the repository:
bandit -r <project-directory>
-
Evaluate Results Review the output from Bandit to identify vulnerabilities and their severity levels.
This repository is maintained by our team as part of our project to evaluate Bandit. Below are the members of our group:
| Name | Role |
|---|---|
| Vivek Sabbani | Admin and Contributor |
| Shivam Singh | Project Lead |
| Tanmay Arora | Contributor |
| Satwik Kaza | Contributor |
| Phaneendra Allu | Contributor |
Thank you for your contributions and collaboration!
- Bandit Documentation: PyCQA Bandit Official Docs
- OWASP Top Ten: OWASP Top Ten Vulnerabilities
We welcome contributions to improve our repository! Feel free to submit pull requests or open issues for suggestions and bug reports.
- This repository is for educational and research purposes only. The intentionally insecure code is provided to help developers and security professionals learn about vulnerabilities. Do not use this code in production environments.
- No copyright infringement intended, as we have used some open source and public code.