Table of contents


Supported versions

Agents can only be installed in Linux environments. Windows is not supported.

Application Security's Python agent is compatible with the following packages:

Component Version
Python 3.5 to 3.8
Django 2.0 to 3.2
Flask 0.11 to 2.0
Pyramid 1.6 to 2.0
Tornado 5.1 to 6.1

supported on Python 3.6+

Code protection features

The agent can protect WSGI web applications, Tornado applications, and AWS Lambda functions. Additionally, some code protection features have more specific requirements to function properly when enabled, listed in the table below. No dependencies indicates the code protection feature doesn't require specific components.

Feature Requires
SQL Injection
  • Mysqlclient
  • psycopg2
  • pymssql
  • PyMySQL
  • sqlite3
Remote Command Execution
  • Django
  • Pyramid
  • Tornado
  • Werkzeug
  • AWS Lambda
Remote Command Execution: HTTP Params
  • Django
  • Pyramid
  • Tornado
  • Werkzeug
  • AWS Lambda
Illegal File Access
  • No dependencies
Open Redirect
  • Django
  • Flask
  • Tornado
Malicious Payload
  • No dependencies
Malicious File Upload
  • No dependencies

Download the agent

The Python agent is available from the Download page.

Install the agent

To install the agent, follow these steps:

  1. Add the Application Security package to requirements.txt:
  2. Run pip to install the package:
    pip install -r requirements.txt
  3. Import the trend_app_protect.start module at the top of your WSGI script:
    import trend_app_protect.start
  4. Carry out one of the following to configure the agent key and secret:
    • Set the TREND_AP_KEY and TREND_AP_SECRET environment variables. The Key and Secret can be found under Group Settings > Group Credentials.
    • Create the trend_app_protect.ini file. It should be placed either in the root of the project or under /etc (but the environment variables will still take precedence over the .ini file.):
      key = my-key
      secret = my-secret

Configure the agent to communicate with the proper Trend Micro Cloud One region

If you are using a Cloud One region other than 'us-1', you need to configure the agent's connectivity for the region.