Topics on this page
Python
Supported versions
Agents can only be installed in Linux environments. Windows is not supported.
Application Security's Python agent is compatible with the following packages:
| Component | Version |
| Python | 3.5 to 3.8 |
| Django | 2.0 to 3.2 |
| Flask | 0.11 to 2.0 |
| Pyramid | 1.6 to 2.0 |
| Tornado | 5.1 to 6.1
supported on Python 3.6+ |
Code protection features
The agent can protect WSGI web applications, Tornado applications, and AWS Lambda functions. Additionally, some code protection features have more specific requirements to function properly when enabled, listed in the table below. No dependencies indicates the code protection feature doesn't require specific components.
| Feature | Requires |
|---|---|
| SQL Injection |
|
| Remote Command Execution |
|
| Remote Command Execution: HTTP Params |
|
| Illegal File Access |
|
| Open Redirect |
|
| Malicious Payload |
|
| Malicious File Upload |
|
Download the agent
The Python agent is available from the Download page.
Install the agent
To install the agent, follow these steps:
- Add the Application Security package to requirements.txt:
trend_app_protect - Run pip to install the package:
pip install -r requirements.txt - Import the
trend_app_protect.startmodule at the top of your WSGI script:
import trend_app_protect.start - Carry out one of the following to configure the agent key and secret:
- Set the
TREND_AP_KEYandTREND_AP_SECRETenvironment variables. The Key and Secret can be found under Group Settings > Group Credentials. - Create the
trend_app_protect.inifile. It should be placed either in the root of the project or under/etc(but the environment variables will still take precedence over the.inifile.):[trend_app_protect] key = my-key secret = my-secret
- Set the
Configure the agent to communicate with the proper Trend Micro Cloud One region
If you are using a Cloud One region other than 'us-1', you need to configure the agent's connectivity for the region.