Skip to main content

Python agent

The Python agent enables interactive application security testing (IAST) and runtime application self-protection (RASP) for Python applications. It provides support for the most popular Python web application frameworks and also strives to be compatible with any other Python application or framework that conforms to either the WSGI or ASGI standards.

In Assess (IAST), the agent identifies vulnerable dataflow paths and other issues during the normal execution of your application. It reports these findings to your organization in Contrast where you can then remediate the vulnerabilities before deploying the application in a live environment.

In Protect (RASP), the Python agent inspects HTTP requests to identify potentially harmful input vectors. During the request, the agent inspects database queries, file writes, and other potentially damaging actions resulting from the request. At the end of the request, the agent inspects the rendered output for successful attacks and can block a successful attack from being forwarded to the application user. Instead, the agent natively processes all the analysis internally, reaping many benefits including performance gains.


The Python agent supports Assess, Protect, and SCA.

As a next step, you can: