PyCon UK 2015

Django Security

Peter Inglesby

This workshop will explore some of the ways that Django helps you keep your applications and your users secure.

We'll do this by taking a simplish Django site, disabling some of Django's built-in protections, and looking at how to exploit the weaknesses that become exposed.

Along the way, we'll look at types of attack including session hijacking, cross-site scripting, cross-site request forgery, and SQL injection.

This workshop is not a comprehensive "HOW TO" guide for keeping a Django site secure.

Instead, its goal is to help you understand the mentality required to both evaluate the kinds of security risks that web applications are exposed to, and protect against those risks.