7. References

7.1 https://docs.djangoproject.com/en/2.2/topics/security/
This document is an overview of Django’s security features.
It includes advice on securing a Django-powered site.

7.2 https://docs.djangoproject.com/en/2.2/internals/security/
Django’s security policies
Django’s development team is strongly committed to responsible reporting
and disclosure of security-related issues. As such, we’ve adopted and follow
a set of policies which conform to that ideal and are geared toward allowing
us to deliver timely security updates to the official distribution of Django,
as well as to third-party distributions.

7.3 https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
Deployment checklist
The Internet is a hostile environment. Before deploying your Django project,
you should take some time to review your settings, with security, performance,
and operations in mind.

7.4 https://docs.djangoproject.com/en/2.2/releases/security/
Archive of security issues. CVE.

7.5 https://medium.com/@ksarthak4ever/django-and-web-security-headers-d72a9e54155e
Django and Web Security Headers

7.6 https://bandit.readthedocs.io/en/latest/config.html
Bandit is a tool designed to find common security issues in Python code. To do this,
Bandit processes each file, builds an AST from it, and runs appropriate plugins
against the AST nodes. Once Bandit has finished scanning all the files, it generates a report.

7.7 https://snyk.io/blog/python-security-best-practices-cheat-sheet/
Python Security Best Practices Cheat Sheet
In this installment of our cheat sheet series, we’re going to cover the best practices
for securely using Python.

7.8 https://github.com/sellonen/django-security-tips
The aim of this guide/repository is to learn and promote secure system administration tips and
practices in the Django community. My motivation is that most articles that focus on getting a
Django application up and running do not talk much about security, yet database security guides
often feel too abstract and intimidating for newcomers.

7.9 https://nvisium.com/blog/2019/04/18/django-vs-the-owasp-top-10-part-1.html
Django’s built-in mitigations for some of the most common risks listed in the OWASP Top 10