
A Simple Checklist for a Django Security Code Audit

Posted by nolan on May 2, 2019, 3:12 p.m.


When our clients come to us for Django Web Development Services, they often ask us to perform an initial security audit of their existing code. Here's a great place to start if you've been tasked with doing the same.

Server Configuration:

- Who is able to log in?
- Does root have login permissions?
- When were user permissions last audited?

System Configuration:
- Who has what type of access?
- If someone with access wanted to, what kind of damage could be done?

Python Configuration:
- Only owners should be able to modify files

Django Configuration:
- Are the built-in protection middlewares enabled?
- Is Django on an LTS release?
- Are dependencies up to date and compatible with the latest Django LTS?
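
A small audit helper for the "Python Configuration" and "Django Configuration" items above, as an added example that is not code from the original post: it lists files that someone other than the owner can modify, and reports which of Django's built-in protection middleware are missing from a `MIDDLEWARE` list. The function names and the sample project tree are constructed for illustration, and treating the security, CSRF and clickjacking middleware as the "protection" set is this example's assumption.

```python
import os
import stat
import tempfile

# Django's built-in protection middleware (dotted paths from django.middleware).
PROTECTION_MIDDLEWARE = (
    "django.middleware.security.SecurityMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
)


def missing_protection_middleware(middleware):
    """Return built-in protection middleware absent from a MIDDLEWARE setting."""
    enabled = set(middleware)
    return [name for name in PROTECTION_MIDDLEWARE if name not in enabled]


def files_writable_by_non_owner(root):
    """Return sorted relative paths under root that group or other can modify."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            # Skip symlinks: their own mode bits are not meaningful.
            if not stat.S_ISLNK(mode) and mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def build_sample_project():
    """Constructed sample tree: one owner-only file, one world-writable file."""
    root = tempfile.mkdtemp(prefix="audit_sample_")
    for name, mode in (("settings.py", 0o644), ("views.py", 0o666)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample file\n")
        os.chmod(path, mode)  # chmod is not affected by the umask
    return root


if __name__ == "__main__":
    # Constructed MIDDLEWARE value with the CSRF middleware left out.
    sample = [m for m in PROTECTION_MIDDLEWARE if "csrf" not in m]
    print("missing middleware:", missing_protection_middleware(sample))
    print("non-owner writable:", files_writable_by_non_owner(build_sample_project()))
```

In a real audit, pass the project's actual `MIDDLEWARE` setting and its deployment directory instead of the constructed samples.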

The above is a great place to start, but if you need a more in-depth Django Code Audit, we'd be happy to take a look at your code.