Must read: James Socol's Best Basic Security Practices (Especially with Django)

James Socol, the Community Platforms Manager at Mozilla, is writing a great summary of the best security practices web developers must be aware of. Even if it is mainly focused on Django, it's a must read for every web developer.

Posted August 24th, 2012 in must read, django, security

Point your browser at James Socol's website, Coffee on the Keyboard, and bookmark it. James - the Community Platforms Manager at Mozilla - is writing a great summary about web security focused on Django applications, but valid nonetheless for every framework.

These are the topics he covers:

  • Basics: locking your car doors.
    • Password Storage
    • XSS: Cross-Site Scripting
    • CSRF: Cross-Site Request Forgeries
    • Injections, SQL and Otherwise
    • Access Control
    • Session Fixation and Hijacking
    • Server Configuration
    • Click-jacking and a little Phishing
    • Stay Up to Date
  • Advanced: Some gotchas from my experience and some things you may well see.
    • Mass Assignment
    • Cache Poisoning
    • Bots: Spam, Brute-force, and User Experience
    • PCI-DSS
    • CEF Logging
  • What browsers are doing to help.
    • Content Security Policy
    • X-Frame-Options
    • Do Not Track
    • Sandboxing

This is the link to the summary article.

Mozilla and Django

Maybe you don't know it, but Mozilla uses Django for a lot of things. For example, addons.mozilla.org is built on Django and its source code is available on GitHub.

If you're interested in Django at Mozilla, you should check out the Mozilla Webdev blog.

Read it!

I can't stress it enough: it's a must read for every web developer.