7. References
7.1 https://docs.djangoproject.com/en/2.2/topics/security/
This document is an overview of Django's security features.
It includes advice on securing a Django-powered site.
7.2 https://docs.djangoproject.com/en/2.2/internals/security/
Django's security policies
Django's development team is strongly committed to responsible reporting
and disclosure of security-related issues. As such, we've adopted and follow
a set of policies which conform to that ideal and are geared toward allowing
us to deliver timely security updates to the official distribution of Django,
as well as to third-party distributions.
7.3 https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
Deployment checklist
The Internet is a hostile environment. Before deploying your Django project,
you should take some time to review your settings, with security, performance,
and operations in mind.
7.4 https://docs.djangoproject.com/en/2.2/releases/security/
Archive of security issues fixed in Django releases, with their CVE identifiers.
7.5 https://medium.com/@ksarthak4ever/django-and-web-security-headers-d72a9e54155e
Django and Web Security Headers
7.6 https://bandit.readthedocs.io/en/latest/config.html
Bandit is a tool designed to find common security issues in Python code. To do this,
Bandit processes each file, builds an AST from it, and runs appropriate plugins
against the AST nodes. Once Bandit has finished scanning all the files, it generates a report.
7.7 https://snyk.io/blog/python-security-best-practices-cheat-sheet/
Python Security Best Practices Cheat Sheet
In this installment of our cheat sheet series, we're going to cover the best practices
for securely using Python.
7.8 https://github.com/sellonen/django-security-tips
The aim of this guide/repository is to learn and promote secure system administration tips and
practices in the Django community. My motivation is that most articles that focus on getting a
Django application up and running do not talk much about security, yet database security guides
often feel too abstract and intimidating for newcomers.
7.9 https://nvisium.com/blog/2019/04/18/django-vs-the-owasp-top-10-part-1.html
Django's built-in mitigations for some of the most common risks listed in the OWASP Top 10