When our clients come to us for Django Web Development Services, they often ask us to perform an initial security audit of their existing code. Here's a great place to start if you've been tasked to do the same.
- Who is able to log in?
- Does root have login permissions?
- When were user permissions last audited?
- Who has what type of access?
- If someone with access wanted to, what kind of damage could be done?
- Only owners should be able to modify files.
- Are the built-in protection middlewares enabled?
- Is Django on an LTS release?
- Are dependencies up to date and compatible with the latest LTS Django?
The above is a great place to start, but if you need a more in-depth Django Code Audit, we'd be happy to take a look at your code.