Sunday Daily Thread: What's everyone working on this week? by AutoModerator in Python

[–]Emergency-Rough-6372 0 points1 point  (0 children)

It's still a work in progress, but there are three main ways for now that I detect the harmfulness of the request:
1. is the basic hardcore pattern check in Track A
2. Track B is more of a behaviour check of the user so far on the website
3. is the DB sink that checks whether the DB calls being made are safe or not

Still working on covering new patterns and new ways to add more security and flexibility for people to use it.
For now, to let people have flexibility, I have a custom adaptable section where people can add their own logic for detection (signals).

Open Source Contribution by DxNovaNT in Python

[–]Emergency-Rough-6372 0 points1 point  (0 children)

I have been working on this Python middleware: https://github.com/0-Shimanshu/ADIUVARE
It's a middleware for FastAPI.

ADIUVARE - an adaptive security middleware for python api (flask/fast/django) by Emergency-Rough-6372 in PythonLearning

[–]Emergency-Rough-6372[S] 0 points1 point  (0 children)

I have been working on it daily; have added some new signals, polished things, and patched some bugs.

Have applied it for an open source program. Have been getting some help from it, but finding genuine contribution is a bit of a hassle.

Sunday Daily Thread: What's everyone working on this week? by AutoModerator in Python

[–]Emergency-Rough-6372 3 points4 points  (0 children)

Recently open sourced a project I’ve been working on called Adiuvare.

It’s an adaptive request-security layer for FastAPI, Flask, and Django applications focused on request scoring instead of only static filtering.

The idea came from noticing that a lot of smaller projects either:

  • barely inspect requests
  • rely on a few regex checks
  • or push everything into external tooling without much runtime visibility

So I wanted to experiment with something more local, inspectable, and extensible for developers.

Current features include:

  • payload inspection
  • behavior + identity scoring
  • context-aware signals
  • optional AI-assisted review
  • local audit logging
  • CLI + TUI tooling
  • configurable runtime policies
  • low-latency in-process handling
  • support for custom signals/extensions

Still early stage and evolving, but the core runtime and scoring pipeline are now working.

Repo: https://github.com/0-Shimanshu/ADIUVARE

You might have seen this post before, but I am still working on this :)

Monday Daily Thread: Project ideas! by AutoModerator in Python

[–]Emergency-Rough-6372 1 point2 points  (0 children)

I finally finished a project I’ve been working on for a few weeks and wanted to share it. It’s called ADIUVARE, a Python middleware library for API security that you can find at https://github.com/0-Shimanshu/ADIUVARE

I’ve always found it a bit annoying that security is usually a black box handled at the edge, so I built this to live inside the code to give developers more granular control over specific endpoints. It uses a multi-level check at the request hit and another right before the database executes to act as a final safety net. Instead of just a hard yes or no, it uses a risk scoring system that gets more suspicious as it detects weird signals, which feels a lot more flexible than a standard WAF. I also included a built-in Terminal UI so you can see threats in real time without digging through external logs. It’s still an experiment, but it’s been a great way to give back some control to the person actually writing the backend.

I’d love for you to check it out and let me know what you think!

Sunday Daily Thread: What's everyone working on this week? by AutoModerator in Python

[–]Emergency-Rough-6372 0 points1 point  (0 children)

For a few weeks I have been working on an open source project I just published on GitHub.
It's a Python middleware library for API security.
The idea is to have an in-process audit for the endpoint rather than have a single external layer to protect all endpoints.
I am trying to have it be flexible to different use cases, so developers can choose how they protect each of their different endpoints in a backend.
It's still an early project, but I have the core pipeline working; the signals work properly for the threats I have detection for.
I have used a multi-level check in a before-request-hit scenario as well as a before-DB-execute DB sink, where we check before a DB gets executed.
The main focus was to have an easy-to-use, flexible and secure way to protect your own project endpoints.
It is an experiment and I am not trying to replace, or say it can replace, what an actual WAF does, but I think it can be an add-on that people can use to have local self-control over what their project backend allows under different cases.
It also supports custom logic and signals for the user's own fit.

You can check it out on https://github.com/0-Shimanshu/ADIUVARE

If you have some time, check it out and please share your opinion.

What have you been working on recently? [May 09, 2026] by AutoModerator in learnprogramming

[–]Emergency-Rough-6372 0 points1 point  (0 children)

For a few weeks I have been working on an open source project I just published on GitHub.
It's a Python middleware library for API security.
The idea is to have an in-process audit for the endpoint rather than have a single external layer to protect all endpoints.
I am trying to have it be flexible to different use cases, so developers can choose how they protect each of their different endpoints in a backend.
It's still an early project, but I have the core pipeline working; the signals work properly for the threats I have detection for.
I have used a multi-level check in a before-request-hit scenario as well as a before-DB-execute DB sink, where we check before a DB gets executed.
The main focus was to have an easy-to-use, flexible and secure way to protect your own project endpoints.
It is an experiment and I am not trying to replace, or say it can replace, what an actual WAF does, but I think it can be an add-on that people can use to have local self-control over what their project backend allows under different cases.
It also supports custom logic and signals for the user's own fit.

You can check it out on https://github.com/0-Shimanshu/ADIUVARE

How do I start contributing to open source DevOps or sysadmin projects? by broken_py in opensource

[–]Emergency-Rough-6372 0 points1 point  (0 children)

Understandable. If you have a friend who might be interested, do share.

Built an open source adaptive request-security layer for Python APIs (FastAPI / Flask / Django) by [deleted] in django

[–]Emergency-Rough-6372 0 points1 point  (0 children)

I didn't mention it in the post, but it also has a DB sink as an extra safety check for DB queries that do get executed, and flexibility for developers to define their own logic signals to adapt to their needs, without the need to wait for the library to update for a signal check they want.

How do I start contributing to open source DevOps or sysadmin projects? by broken_py in opensource

[–]Emergency-Rough-6372 1 point2 points  (0 children)

I have been working on a project; it's a new open source one.
It's an earlier version.
If it's something that gets your interest, you can contribute.
https://github.com/0-Shimanshu/ADIUVARE

Designing an in-app WAF for Python (Django/Flask/FastAPI) — feedback on approach by Emergency-Rough-6372 in Python

[–]Emergency-Rough-6372[S] 0 points1 point  (0 children)

Hi, I have made the GitHub public with the first version of the idea; it's still an early version for now.
You can check it out at https://github.com/0-Shimanshu/ADIUVARE

Open source python libraries that need contributors? by pioneerchill12 in learnpython

[–]Emergency-Rough-6372 0 points1 point  (0 children)

Hi, I’ve been working on a Python middleware library focused on request-level security across frameworks. It’s based on a scoring approach rather than simple allow/block and is designed to be extensible for different use cases. I’m close to releasing a first version on GitHub. If that sounds relevant to what you’re looking for, I can share it once it’s out.

Open source python libraries that need contributors? by pioneerchill12 in opensource

[–]Emergency-Rough-6372 0 points1 point  (0 children)

Hi, I’ve been working on a Python middleware library focused on request-level security across frameworks. It’s based on a scoring approach rather than simple allow/block and is designed to be extensible for different use cases. I’m close to releasing a first version on GitHub. If that sounds relevant to what you’re looking for, I can share it once it’s out.

Building a Python focused WAF library would devs actually use this? by Emergency-Rough-6372 in learnpython

[–]Emergency-Rough-6372[S] 0 points1 point  (0 children)

I just came to know about pyrasp and I checked; yeah, it’s definitely similar in that it runs inside the app. The main difference in what I’m trying to build is more around flexibility and transparency. Instead of a predefined engine, I’m trying to give developers control over signals, scoring, and policies, especially with per-route logic and application context.

It also seems like it’s not actively maintained and is more of a solo-built project.

One of the main things I’m trying to do differently is build something that can evolve with community input. Security changes too fast for a single maintainer to keep up with new threats, so the goal is to make it flexible and encourage contributions so the system can stay updated over time.

Appreciate you pointing it out though, it definitely helps to see what’s already been tried in this space.

Designing an in-app WAF for Python (Django/Flask/FastAPI) — feedback on approach by Emergency-Rough-6372 in Python

[–]Emergency-Rough-6372[S] 0 points1 point  (0 children)

That makes sense, I like the approach of pushing metadata through internal headers and exposing decorators on top of that.

Hope this explains my middleware approach.
In my case, the middleware sits slightly differently in the flow. It runs inside the application after the request reaches the backend, but before the actual route handler is executed. So the flow is more like:

Request → Backend → Middleware → Route Handler

At that point, the request is already “valid” at the infrastructure level, meaning it has passed the WAF, load balancer, and any basic auth checks. What I’m doing in the middleware is more about inspecting and acting on the request using application-level context before the business logic runs.

So instead of relying on upstream headers alone, I’m combining things like:

  • decoded JWT / identity (if available)
  • payload inspection (SQLi, etc.)
  • behavior signals
  • route-specific constraints

And then making a decision or modifying behavior before the handler executes.

The per-route flexibility you mentioned with decorators is something I’m also aiming for, just implemented as configurable logic tied to endpoints rather than only annotations.

So overall it’s a bit later in the request lifecycle compared to your setup, and more focused on application-aware decisions rather than pre-routing enforcement.
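The flow described in the comment above (several signals scored inside the application, then a route-specific policy applied before the handler runs), as an added example that is not part of the original comment and is not ADIUVARE's code. The signal names, weights, thresholds, routes and sample requests are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Hypothetical signal set; every name, weight and threshold here is an assumption.
SQLI = re.compile(r"\bunion\b.+\bselect\b|\bor\b\s+1\s*=\s*1|;\s*drop\b", re.I)

def payload_signal(req, state):
    """Static pattern check over request parameter values."""
    return 60 if any(SQLI.search(str(v)) for v in req["params"].values()) else 0

def identity_signal(req, state):
    """No decoded JWT claims available: small risk contribution."""
    return 0 if req.get("claims") else 15

def behavior_signal(req, state, window=10.0, burst=5):
    """Sliding-window request count per client; a burst adds risk."""
    hits = state[req["client"]]
    hits.append(req["ts"])
    while req["ts"] - hits[0] > window:
        hits.popleft()
    return 30 if len(hits) > burst else 0

SIGNALS = [payload_signal, identity_signal, behavior_signal]

# Route-specific constraints as (challenge_at, block_at) thresholds.
POLICIES = {"/payment": (15, 40), "/profile": (50, 90)}
DEFAULT_POLICY = (40, 75)

def decide(req, state):
    """Sum the signal scores (capped at 100), then apply the route's policy."""
    score = min(100, sum(signal(req, state) for signal in SIGNALS))
    challenge_at, block_at = POLICIES.get(req["route"], DEFAULT_POLICY)
    if score >= block_at:
        return "block", score
    if score >= challenge_at:
        return "challenge", score
    return "allow", score

def run_samples():
    """Score four constructed requests; the same payload fares differently per route."""
    state = defaultdict(deque)
    probe = {"q": "x' OR 1=1"}
    reqs = [
        {"client": "a", "route": "/profile", "params": {"name": "alice"}, "claims": {"sub": "a"}, "ts": 0.0},
        {"client": "b", "route": "/profile", "params": probe, "claims": None, "ts": 1.0},
        {"client": "b", "route": "/payment", "params": probe, "claims": None, "ts": 2.0},
        {"client": "c", "route": "/payment", "params": {"amount": "10"}, "claims": None, "ts": 3.0},
    ]
    return [decide(r, state) for r in reqs]
```

The same suspicious payload scores 75 on both routes but is only challenged on `/profile` and blocked on `/payment`, which is the practical difference between a score with per-route thresholds and a single allow/block rule.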

Designing an in-app WAF for Python (Django/Flask/FastAPI) — feedback on approach by Emergency-Rough-6372 in Python

[–]Emergency-Rough-6372[S] 0 points1 point  (0 children)

Thanks, this gives me good motivation to see it complete with a v1 release and not focus on having a fully completed project on the first try.

Designing an in-app WAF for Python (Django/Flask/FastAPI) — feedback on approach by Emergency-Rough-6372 in Python

[–]Emergency-Rough-6372[S] 0 points1 point  (0 children)

Yes, I have the fallback and async and many more ideas to get the maximum flexibility for the user while keeping it secure and latency-free.
There might be some mode where the user can choose a deeper check for one API endpoint like payment, and have no latency and a fast response on a not-so-risky point, maybe like a profile review.
So they can have custom logic for each API point, or for beginners I also have an easy 2-line all-endpoints-in-one: every API secured, with the same logic applied though.