
Django Security Tips for Beginners

This blog post was written by Anagha Todalbagi, thanks! ❤️

We added a few more links for those who want to know more about security.


I have been using Django for the last two years and have compiled a list of basics to take care of to ensure a secure Django app. This is based on experience, so that nobody else repeats the mistakes I’ve made.

Some pointers to begin with:

  1. Run a basic automated check of your deployment: https://www.ponycheckup.com/
  2. Use Django templates; their autoescaping protects you against the majority of XSS attacks.
  3. It is always better for security, though not always practical, to deploy your site behind HTTPS. Set up redirection so that requests over HTTP are redirected to HTTPS.
  4. The django-session-security package can help you log out inactive users: https://github.com/yourlabs/django-session-security
  5. Ensure DEBUG is set to False in settings.py in the production environment.
  6. Be very careful about marking views with the csrf_exempt decorator; use it only when it is absolutely necessary.
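As an added example (not the author's code), here is a small offline audit in the spirit of items 1, 3, 5 and 6 above: it parses a settings.py for DEBUG, SECURE_SSL_REDIRECT and the Secure cookie flags (real Django settings; SECURE_SSL_REDIRECT is the setting through which SecurityMiddleware performs the HTTP-to-HTTPS redirect of tip 3) and lists views marked csrf_exempt for manual review. The sample settings and views are constructed.

```python
import ast
# Django defaults for the settings audited here, and the values a production
# deployment should have. Setting names are Django's; the sample files are constructed.
DEFAULTS = {"DEBUG": False, "SECURE_SSL_REDIRECT": False,
            "SESSION_COOKIE_SECURE": False, "CSRF_COOKIE_SECURE": False}
EXPECTED = {"DEBUG": False, "SECURE_SSL_REDIRECT": True,
            "SESSION_COOKIE_SECURE": True, "CSRF_COOKIE_SECURE": True}

def audit_settings(source):
    """Parse settings.py text and report each audited setting that is not production-safe."""
    found = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    found[target.id] = node.value.value
    findings = []
    for name, want in EXPECTED.items():
        value = found.get(name, DEFAULTS[name])  # a missing setting keeps Django's default
        if value != want:
            origin = "set to" if name in found else "left at default"
            findings.append(f"{name} {origin} {value!r}, expected {want!r}")
    return findings

def find_csrf_exempt(source):
    """Return the names of view functions decorated with csrf_exempt, for manual review."""
    names = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            for dec in node.decorator_list:
                # Accept both the @csrf_exempt and @csrf.csrf_exempt forms.
                ident = dec.attr if isinstance(dec, ast.Attribute) else getattr(dec, "id", None)
                if ident == "csrf_exempt":
                    names.append(node.name)
    return names

# Constructed sample inputs, mirroring a fresh project left in development mode.
SAMPLE_SETTINGS = """
DEBUG = True
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = False
"""
SAMPLE_VIEWS = """
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def webhook(request):
    return None
"""
```

Calling `audit_settings(SAMPLE_SETTINGS)` flags DEBUG, SESSION_COOKIE_SECURE and the unset CSRF_COOKIE_SECURE, and `find_csrf_exempt(SAMPLE_VIEWS)` returns the single exempted view for review.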

Choosing an API framework for Django – http://www.pydanny.com/choosing-an-api-framework-for-django.html

We use DRF at work – http://www.django-rest-framework.org/

Further reading:

  1. The Django documentation on security: https://docs.djangoproject.com/en/stable/topics/security/
  2. Erik Romijn’s 2013 blog post on Django security, which includes some statistics on the security of Django websites: http://blog.solidlinks.nl/post/50582466403/a-brief-survey-of-django-security-djangocon-eu
  3. Spin Lai’s presentation, “Two Scoops of Django: Security Best Practices,” provides an overview of the security tips recommended in the book Two Scoops of Django. (Note: This presentation covers Django 1.5, but much of it will still be applicable to Django 1.9.) http://www.slideshare.net/spinlai/django-workshop-securitybestpractices
  4. Making Django Really, Really, Ridiculously Secure, by Kelsey Gilmore-Innis http://nerd.kelseyinnis.com/blog/2015/09/08/making-django-really-really-ridiculously-secure/
  5. http://www.slideshare.net/levigross/django-web-application-security

You can rely on answers to common Django problems on Stack Overflow, mainly from Daniel Roy Greenfeld (@pydanny on Twitter) and Daniel Roseman.

Anagha Todalbagi submitted this to djangogirls.