A Simple Checklist for a Django Security Code Audit

Posted by nolan

django

When our clients come to us for Django Web Development Services, they often ask us to perform an initial security audit of their existing code. Here's a great place to start if you've been tasked to do the same.

Server Configuration:
- Who is able to log in?
- Does root have login permissions?
- When were user permissions last audited?

System Configuration:
- Who has what type of access?
- If someone with access wanted to, what kind of damage could be done?

Python Configuration:
- Only owners should be able to modify files.

Django Configuration:
- Are the built-in protection middlewares enabled?
- Is Django on an LTS release?
- Are dependencies up to date and compatible with the latest Django LTS?
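Two of the checks above (only owners can modify files; the protective middlewares are enabled) can be scripted. The following is an added example, not code from the original post; it assumes the project's `MIDDLEWARE` setting is available as a list of dotted class paths and that the script runs from the project root. The middleware class paths are Django's real ones; the sample settings list is constructed.

```python
import os
import stat

# Django's built-in protective middlewares (real class paths) and what each
# one provides, so a missing entry is reported with its consequence.
PROTECTIVE_MIDDLEWARE = {
    "django.middleware.security.SecurityMiddleware": "HSTS, HTTPS redirect, nosniff",
    "django.middleware.csrf.CsrfViewMiddleware": "CSRF protection on state-changing requests",
    "django.middleware.clickjacking.XFrameOptionsMiddleware": "X-Frame-Options (clickjacking)",
}


def missing_protections(middleware):
    """Return {class_path: purpose} for protective middlewares absent from
    the project's MIDDLEWARE setting (a list of dotted class paths)."""
    enabled = set(middleware)
    return {path: why for path, why in PROTECTIVE_MIDDLEWARE.items()
            if path not in enabled}


def group_or_other_writable(mode):
    """True when a stat mode lets someone other than the owner write the file."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def writable_by_non_owner(paths):
    """Return the subset of paths that a non-owner could modify."""
    return [p for p in paths if group_or_other_writable(os.stat(p).st_mode)]


if __name__ == "__main__":
    # Constructed sample MIDDLEWARE with CSRF and clickjacking protection left out.
    sample_middleware = [
        "django.middleware.security.SecurityMiddleware",
        "django.contrib.sessions.middleware.SessionMiddleware",
        "django.middleware.common.CommonMiddleware",
        "django.contrib.auth.middleware.AuthenticationMiddleware",
    ]
    for path, why in missing_protections(sample_middleware).items():
        print(f"MISSING {path}: {why}")

    # Walk the project tree (assumed to be the current directory) for loose modes.
    py_files = [os.path.join(d, f) for d, _, fs in os.walk(".")
                for f in fs if f.endswith(".py")]
    for p in writable_by_non_owner(py_files):
        print(f"WRITABLE by group/other: {p}")
```

Django's own `manage.py check --deploy` covers the related settings (HSTS, secure cookies, DEBUG) and complements this middleware check.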

The above is a great place to start, but if you need a more in-depth Django Code Audit, we'd be happy to take a look at your code.