Sign in Create Account
🐍

Python for AppSec Engineers

Explore common and subtle security issues in Python web applications through hands-on labs, code review exercises, and real CVEs from popular frameworks.

37 exercises
4 chapters ← All Tracks
Chapter 1
Code Execution & Deserialization
Exploit unsafe deserialization in Pickle and PyYAML, then review Python code for command injection, insecure deserialization patterns, and remote code execution flaws.
1
Pickle Code Execution Pro
Exploitation
2
CVE-2020-14343: PyYAML unsafe loader Pro
Exploitation
3
Python Code Review 01 Pro
Code Review · Code Execution
4
Python Snippet #09 Pro
Code Review · Command Execution
5
Python Snippet #03 Pro
Code Review · Insecure Deserialization
6
CVE-2021-37xxx Pro
Code Review · Insecure Deserialization
7
CVE-2025-0X6X Pro
Code Review · Code Execution
8
CVE-2025-XXX57 Pro
Code Review · Code Execution
Chapter 2
Injection & XML Attacks
Find and review SQL injection, XPath injection, log injection, and XML external entity vulnerabilities in Python applications and real CVEs.
9
Python Snippet #05 Pro
Code Review · SQL Injection
10
CVE-2026-X189X Pro
Code Review · SQL Injection
11
CVE-2025-XX662 Pro
Code Review · SQL Injection
12
Python Code Review 06 Pro
Code Review · XPath Injection
13
CVE-2024-X68X Pro
Code Review · Log Injection
14
CVE-2025-6X85 Pro
Code Review · XML External Entity
Recommended: Complete Chapter 1 first
Chapter 3
Paths, Redirects & Server-Side Requests
Review directory traversal, open redirect, SSRF, and host header injection vulnerabilities across Python code review exercises and real-world CVEs.
15
Python Snippet #04 Pro
Code Review · Directory Traversal
16
Python Code Review 02 Pro
Code Review · Directory Traversal
17
Python Code Review 09 Pro
Code Review · Directory Traversal
18
Code Review 02 Pro
Code Review · Directory Traversal
19
CVE-2026-XX871 Pro
Code Review · Directory Traversal
20
CVE-2025-XX149 Pro
Code Review · Directory Traversal
21
Python Code Review 04 Pro
Code Review · Open Redirect
22
CVE-2024-419XX Pro
Code Review · Open Redirect
23
Python Snippet #02 Pro
Code Review · Server-Side Request Forgery
24
Python Code Review 07 Pro
Code Review · Server-Side Request Forgery
25
CVE-2025-6X5X7 Pro
Code Review · Host Header Injection
Recommended: Complete Chapters 1 & 2 first
Chapter 4
XSS, Filters, Crypto & Application Security
Review cross-site scripting, filter bypass techniques, timing attacks, padding oracle, and transport security issues in Python applications and real CVEs.
26
Python Code Review 03 Pro
Code Review · Cross-Site Scripting
27
CVE-2024-XX3X9 Pro
Code Review · Cross-Site Scripting
28
Python Code Review 05 Pro
Code Review · Filter Bypass
29
Python Snippet #06 Pro
Code Review · Filter Bypass
30
CVE-2024-433XX Pro
Code Review · Filter Bypass
31
CVE-2025-6X9X2 Pro
Code Review · Improper Encoding
32
CVE-2025-X270X Pro
Code Review · Denial of Service
33
Python Snippet #01 Pro
Code Review · Length Extension
34
CVE-2025-X942X Pro
Code Review · Non Constant in Time Comparison
35
Python Snippet #08 Pro
Code Review · Padding Oracle
36
Python Snippet #07 Pro
Code Review · Traffic Interception
37
CVE-2026-XXX50 Pro
Code Review · Insecure Data Transport
Recommended: Complete all previous chapters