Tuesday 11 a.m.–11:50 a.m.

Practical Django Secuirty

Levi Gross

Audience level:



Web application security is an ever present problem. The "don't trust user input" mantra sounds nice but doesn't practically work. In this talk we will go over introduce and apply a set of practical programming paradigms that you can use to write secure code.


This talk will go over some of the ways in which developers can enhance the security of their current applications and build security into their new ones. We will review most of the common web application vulnerabilities as well as ones that are specific to Django. After reviewing these issues, I will present a number of clear guidelines and examples on how to mitigate these vulnerabilities and build more secure software.

Topics to be touched on would include:

  • Review the OWASP top 10 vulnerabilities.
  • An introduction to Python specific security issues such as, the use of Pickle and urllib.
  • An introduction to Django specific security issues such as, authorization flaws and mass assignment.
  • An architecture review of Django's request - response cycle conducting a basic threat assessment.
  • Examples of various security flaws and how to prevent them
  • Practical examples on how to write more secure code