#typescript#penetration_testing#pentesting#security_audit#security_automation#security_tools
Shannon is a free, open-source AI pentester (Lite edition) that autonomously scans your web app's source code, finds vulnerabilities like injections and auth bypasses, then executes real exploits via browser to prove them. Launch with one Docker command using Anthropic API; it delivers pentester-grade reports with copy-paste PoCs in 1-1.5 hours for ~$50. It beat humans with 96% success on benchmarks, finding 20+ critical flaws in OWASP apps. You benefit by testing code daily on non-production setups, closing security gaps from yearly manual pentests, and shipping confidently without hackers striking first.
https://github.com/KeygraphHQ/shannon
https://pypi.python.org/pypi/oauthlib
A generic, spec-compliant, thorough implementation of the #OAuth request-signing logic for python
OAuth often seems complicated and difficult-to-implement. There are several prominent libraries for handling OAuth requests, but they all suffer from one or both of the following:
They predate the OAuth 1.0 spec, AKA RFC 5849.
They predate the OAuth 2.0 spec, AKA RFC 6749.
They assume the usage of a specific HTTP request library.
OAuthLib is a generic utility which implements the logic of OAuth without assuming a specific HTTP request object or web framework. Use it to graft OAuth client support onto your favorite HTTP library, or provide support onto your favourite web framework. If you’re a maintainer of such a library, write a thin veneer on top of OAuthLib and get OAuth support for very little effort.
https://aaronparecki.com/2012/07/29/2/oauth2-simplified#others
OAuth 2 Simplified
Sun, Jul 29, 2012 9:30am -07:00
Many services such as #Facebook, #Github, and #Google have already deployed OAuth 2 servers, and deployed implementations win.
The #OAuth 2 spec itself leaves many decisions up to the implementor. Instead of describing all possible decisions that need to be made to successfully implement OAuth 2, this post makes decisions that are appropriate for most implementations.
This post is an attempt to describe OAuth 2 in a simplified format to help developers and service providers implement the protocol.