tessl/pypi-ddtrace

Datadog APM client library providing distributed tracing, continuous profiling, error tracking, test optimization, deployment tracking, code hotspots analysis, and dynamic instrumentation for Python applications.

Application Security

Application security monitoring provides comprehensive protection against web application attacks, vulnerabilities, and suspicious behavior through Interactive Application Security Testing (IAST), runtime security monitoring, and AI/LLM-specific security features. This enables real-time threat detection, vulnerability identification, and security policy enforcement.

Capabilities

Security Configuration

Enable and configure application security features through environment variables and programmatic settings.

# Environment variable constants
APPSEC_ENV: str = "DD_APPSEC_ENABLED"
IAST_ENV: str = "DD_IAST_ENABLED"

Usage examples:

import os
from ddtrace.constants import APPSEC_ENV, IAST_ENV

# Enable Application Security Monitoring
os.environ[APPSEC_ENV] = "true"

# Enable Interactive Application Security Testing
os.environ[IAST_ENV] = "true"

# Start your application with security monitoring enabled
# Security features are automatically activated when ddtrace is imported
import ddtrace

Interactive Application Security Testing (IAST)

IAST provides runtime vulnerability detection by analyzing application behavior during execution, identifying security weaknesses such as SQL injection, XSS, path traversal, and other OWASP Top 10 vulnerabilities.

Configuration and usage:

import os
from ddtrace.constants import IAST_ENV

# Enable IAST
os.environ[IAST_ENV] = "true"

# IAST automatically analyzes:
# - SQL queries for injection vulnerabilities
# - File operations for path traversal
# - Template rendering for XSS
# - Deserialization for unsafe operations
# - LDAP queries for injection attacks
# - NoSQL operations for injection vulnerabilities

# Example vulnerable code that IAST would detect:
def vulnerable_query(user_input):
    # IAST detects SQL injection vulnerability
    query = f"SELECT * FROM users WHERE name = '{user_input}'"
    return execute_sql(query)

def vulnerable_file_access(filename):
    # IAST detects path traversal vulnerability
    return open(f"/app/files/{filename}", 'r')
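Added example, not from the ddtrace docs: the hardened counterparts of the two functions above, i.e. what resolving the IAST findings for them looks like. The in-memory SQLite table, the `/app/files` base directory and the function names are assumptions for illustration.

```python
# Hardened versions of vulnerable_query / vulnerable_file_access (added example).
# The taint (user_input, filename) no longer reaches the sink unchecked.
import sqlite3
from pathlib import Path

FILES_BASE = Path("/app/files")  # assumed upload root, as in the snippet above


def _demo_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def safe_query(conn: sqlite3.Connection, user_input: str) -> list:
    # Parameter binding: the driver passes user_input as data, never as SQL,
    # so a payload such as ' OR '1'='1 matches no row instead of every row.
    cur = conn.execute("SELECT name, role FROM users WHERE name = ?", (user_input,))
    return cur.fetchall()


def safe_file_path(filename: str, base: Path = FILES_BASE) -> Path:
    # Resolve the candidate and insist it stays inside the base directory.
    # resolve() collapses '..' segments, so '../etc/passwd' is caught, and an
    # absolute filename replaces base entirely and is caught the same way.
    root = base.resolve(strict=False)
    candidate = (base / filename).resolve(strict=False)
    if not candidate.is_relative_to(root):
        raise ValueError(f"path escapes {base}: {filename!r}")
    return candidate


def safe_file_access(filename: str):
    # The sink (open) is unchanged; it only ever sees a validated path.
    return open(safe_file_path(filename), "r")
```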

Runtime Application Self-Protection (RASP)

Runtime monitoring and protection against active attacks and suspicious behavior patterns.

import os
from ddtrace.constants import APPSEC_ENV

# Enable runtime protection
os.environ[APPSEC_ENV] = "true"

# RASP automatically monitors and can block:
# - Suspicious request patterns
# - Known attack signatures
# - Abnormal application behavior
# - Malicious payloads in requests

# Example: Automatic detection of attack patterns
def process_request(request_data):
    # RASP monitors this function for:
    # - SQL injection attempts in request_data
    # - XSS payloads in input parameters  
    # - Command injection patterns
    # - Suspicious file access patterns
    return handle_user_request(request_data)

AI/LLM Security Monitoring

Specialized security monitoring for AI and Large Language Model applications, detecting prompt injection, data leakage, and model abuse.

# AI Guard automatically monitors AI/LLM operations when enabled
import os
from ddtrace.constants import APPSEC_ENV

os.environ[APPSEC_ENV] = "true"

# Example: OpenAI integration with automatic security monitoring
from openai import OpenAI

client = OpenAI()

def secure_chat_completion(user_prompt):
    # ddtrace automatically monitors for:
    # - Prompt injection attempts
    # - Data exfiltration patterns
    # - Jailbreak attempts
    # - Sensitive data in prompts/responses
    
    response = client.chat.completions.create(
        model="gpt-3.5-turbo",
        messages=[{"role": "user", "content": user_prompt}]
    )
    
    return response.choices[0].message.content

# Usage with automatic security monitoring
result = secure_chat_completion("Tell me about your training data")

Security Event Detection

Automatic detection and reporting of security events and violations.

Security events are automatically captured and reported when suspicious activity is detected:

# Security events are automatically generated for:
# - Blocked attack attempts
# - Vulnerability detections
# - Policy violations
# - Suspicious behavior patterns

# Events include context such as:
# - Attack type and severity
# - Request details and payload
# - User session information
# - Application response actions

# Example of operations that generate security events:
def handle_login(username, password):
    # Monitors for credential stuffing, brute force
    return authenticate_user(username, password)

def process_upload(file_data):
    # Monitors for malicious file uploads, directory traversal
    return save_uploaded_file(file_data)

def execute_search(search_query):
    # Monitors for injection attacks, data exfiltration
    return search_database(search_query)

Security Policy Configuration

Configure security policies and response actions for different types of threats.

# Security policies are configured through environment variables
import os

# Configure security sensitivity levels
os.environ["DD_APPSEC_RULES"] = "strict"  # strict, standard, permissive

# Configure response actions
os.environ["DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING"] = "enabled"

# Configure custom rules and exceptions
os.environ["DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP"] = "password|token|secret"
os.environ["DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP"] = "pass|pwd|token"

# Rate limiting configuration
os.environ["DD_APPSEC_TRACE_RATE_LIMIT"] = "100"  # traces per second

# WAF (Web Application Firewall) configuration
os.environ["DD_APPSEC_WAF_TIMEOUT"] = "5000"  # microseconds
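Added example, not part of the ddtrace docs: an offline preview of what the key and value regexps set above would redact, so the patterns can be reviewed before deployment. It uses a simplified model of the obfuscator (assumptions: a parameter whose key matches the key regexp is redacted whole, otherwise only value substrings matching the value regexp are, and matching is case-insensitive); the sample parameters are constructed.

```python
# Preview of DD_APPSEC_OBFUSCATION_PARAMETER_{KEY,VALUE}_REGEXP (added example).
# Simplified model of the obfuscator, not ddtrace's own implementation.
import re

REDACTED = "<redacted>"


def obfuscation_preview(params: dict, key_regexp: str, value_regexp: str) -> dict:
    """Return params as they would appear after obfuscation (assumed model)."""
    key_re = re.compile(key_regexp, re.IGNORECASE)
    value_re = re.compile(value_regexp, re.IGNORECASE)
    out = {}
    for key, value in params.items():
        if key_re.search(key):
            out[key] = REDACTED                      # whole value dropped
        else:
            out[key] = value_re.sub(REDACTED, value)  # only matching substrings
    return out


def unredacted_secrets(preview: dict, secret_keys: set) -> list:
    """Keys the reviewer marked as secret that the regexps left visible."""
    return sorted(k for k in secret_keys if preview.get(k) != REDACTED)


# Constructed sample request parameters
SAMPLE_PARAMS = {
    "username": "alice",
    "password": "hunter2",
    "api_token": "tok_123",
    "passwd": "hunter2",          # common alias the key regexp above misses
    "q": "reset my passcode",     # benign text the value regexp over-redacts
}
SECRET_KEYS = {"password", "api_token", "passwd"}

if __name__ == "__main__":
    preview = obfuscation_preview(SAMPLE_PARAMS, "password|token|secret", "pass|pwd|token")
    print(preview)
    print("still visible:", unredacted_secrets(preview, SECRET_KEYS))
```

With the page's regexps, `passwd` stays visible (key not matched, value contains none of pass/pwd/token) while the harmless search string is partially redacted; widen the key regexp (e.g. add `passwd`) rather than relying on the value regexp to catch secrets.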

Framework Integration

Application security automatically integrates with popular Python web frameworks to provide comprehensive protection.

Django Integration

# Django integration is automatic when AppSec is enabled
import os
from ddtrace.constants import APPSEC_ENV

os.environ[APPSEC_ENV] = "true"

# In Django settings.py
INSTALLED_APPS = [
    # ... other apps
    'ddtrace.contrib.django',
]

# Security monitoring covers:
# - Django ORM queries
# - Template rendering
# - File uploads
# - Authentication flows
# - Admin interface access

Flask Integration

import os
from flask import Flask, request
from ddtrace.constants import APPSEC_ENV

os.environ[APPSEC_ENV] = "true"

app = Flask(__name__)

# Flask routes are automatically monitored for:
# - Request parameter injection
# - File upload vulnerabilities
# - Template injection
# - Authentication bypasses

@app.route('/user/<user_id>')
def get_user(user_id):
    # Automatically monitored for path traversal
    return load_user_data(user_id)

@app.route('/search')
def search():
    query = request.args.get('q')
    # Automatically monitored for injection attacks
    return search_database(query)

FastAPI Integration

import os
from fastapi import FastAPI, File
from ddtrace.constants import APPSEC_ENV

os.environ[APPSEC_ENV] = "true"

app = FastAPI()

# FastAPI endpoints are automatically monitored
@app.post("/upload")
async def upload_file(file: bytes = File()):
    # File() tells FastAPI to read the multipart body; monitored for malicious file uploads
    return process_uploaded_file(file)

@app.get("/data/{item_id}")
async def get_item(item_id: str):
    # Monitored for injection and traversal attacks
    return fetch_item_data(item_id)

Vulnerability Reporting

Detected vulnerabilities and security events are automatically reported to Datadog with detailed context.

# Vulnerability reports include:
# - Vulnerability type (SQL injection, XSS, etc.)
# - Severity level (critical, high, medium, low)
# - Affected code location and stack trace
# - Request details and attack payload
# - Remediation suggestions

# Example vulnerability detection:
def unsafe_sql_query(user_input):
    # This would generate a vulnerability report:
    # Type: SQL Injection
    # Severity: High
    # Location: Line 123, function unsafe_sql_query
    # Payload: "'; DROP TABLE users; --"
    # Suggestion: Use parameterized queries
    
    query = f"SELECT * FROM products WHERE name = '{user_input}'"
    return execute_query(query)

Security Headers and Response Modification

Automatic enhancement of HTTP responses with security headers and protection mechanisms.

# When AppSec is enabled, responses are automatically enhanced with:
# - Content Security Policy headers
# - X-Frame-Options headers
# - X-Content-Type-Options headers
# - Security event correlation headers

# Example of automatic response enhancement:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/sensitive-data')
def get_sensitive_data():
    data = fetch_sensitive_information()
    
    # Response automatically includes:
    # X-Content-Type-Options: nosniff
    # X-Frame-Options: DENY
    # Content-Security-Policy: default-src 'self'
    # DD-Trace-ID: correlation header for security events
    
    return jsonify(data)

Custom Security Rules

Define custom security rules and detection patterns for application-specific threats.

# Custom security rules can be configured through environment variables
import os

# Define custom attack patterns
os.environ["DD_APPSEC_RULES_FILE"] = "/path/to/custom-rules.json"

# Custom rule example (in JSON file):
# {
#   "rules": [
#     {
#       "id": "custom-rule-001",
#       "name": "API Key Exposure",
#       "pattern": "sk-[a-zA-Z0-9]{48}",
#       "severity": "high",
#       "action": "block"
#     }
#   ]
# }

def process_api_request(request_data):
    # Custom rules are automatically applied to monitor for:
    # - API key exposure in logs/responses
    # - Custom business logic vulnerabilities
    # - Domain-specific attack patterns
    return handle_request(request_data)

Security Event Analysis

Security events and vulnerabilities detected by ddtrace AppSec appear in the Datadog Security platform with:

  • Attack Timeline: Chronological view of security events
  • Vulnerability Assessment: IAST-detected code vulnerabilities
  • Threat Intelligence: Attack attribution and threat actor information
  • Risk Scoring: Business impact assessment for detected threats
  • Remediation Guidance: Code fix recommendations and security best practices

Best Practices

Production Deployment

import os
from ddtrace.constants import APPSEC_ENV, IAST_ENV

# Production security configuration
os.environ[APPSEC_ENV] = "true"        # Enable runtime protection
os.environ[IAST_ENV] = "false"         # Disable IAST in production (use in staging)

# Configure appropriate sensitivity for production
os.environ["DD_APPSEC_RULES"] = "standard"  # Balanced detection/performance
os.environ["DD_APPSEC_TRACE_RATE_LIMIT"] = "100"  # Rate limit security traces

Development and Testing

import os
from ddtrace.constants import APPSEC_ENV, IAST_ENV

# Development/staging security configuration  
os.environ[APPSEC_ENV] = "true"   # Enable runtime monitoring
os.environ[IAST_ENV] = "true"     # Enable vulnerability detection

# More verbose detection in development
os.environ["DD_APPSEC_RULES"] = "strict"
os.environ["DD_APPSEC_TRACE_RATE_LIMIT"] = "1000"

Security Testing Integration

# Integration with security testing frameworks
import os
import unittest
from ddtrace.constants import APPSEC_ENV

class SecurityTestCase(unittest.TestCase):
    def setUp(self):
        os.environ[APPSEC_ENV] = "true"
        
    def test_sql_injection_protection(self):
        # Test that SQL injection attempts are detected
        malicious_input = "'; DROP TABLE users; --"
        result = search_users(malicious_input)
        # Verify security event was generated
        
    def test_xss_protection(self):
        # Test that XSS payloads are detected
        xss_payload = "<script>alert('xss')</script>"
        result = render_user_content(xss_payload)
        # Verify XSS attempt was blocked/detected

Install with Tessl CLI

npx tessl i tessl/pypi-ddtrace
