diff --git a/test-requirements.txt b/test-requirements.txt
index 1b4dc1e..8e1945c 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -10,3 +10,4 @@ coverage>=3.6 # Apache-2.0
 #discover
 #python-subunit>=0.0.18
 sphinx!=1.3b1,<1.4,>=1.2.1 # BSD
+bandit>=1.1.0  # Apache-2.0
diff --git a/tox.ini b/tox.ini
index 3983061..83fde7b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -29,6 +29,10 @@ setenv = VIRTUAL_ENV={envdir}
 commands =
     flake8 swauth test
     flake8 --filename=swauth* bin
+    bandit -r swauth -s B110,B309
+
+[testenv:bandit]
+commands = bandit -r swauth -s B110,B309
 
 [testenv:venv]
 commands = {posargs}