{"id":13716378,"url":"https://github.com/vintasoftware/awesome-django-security","last_synced_at":"2025-09-12T04:42:13.272Z","repository":{"id":43970909,"uuid":"188238132","full_name":"vintasoftware/awesome-django-security","owner":"vintasoftware","description":"A collection of Django security-related tools and libs.","archived":false,"fork":false,"pushed_at":"2021-11-19T12:26:21.000Z","size":22,"stargazers_count":192,"open_issues_count":0,"forks_count":29,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-05-18T19:59:34.608Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vintasoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-05-23T13:19:31.000Z","updated_at":"2024-04-23T20:54:16.000Z","dependencies_parsed_at":"2022-09-08T14:31:16.569Z","dependency_job_id":null,"html_url":"https://github.com/vintasoftware/awesome-django-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vintasoftware%2Fawesome-django-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vintasoftware%2Fawesome-django-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vintasoftware%2Fawesome-django-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vintasoftware%2Fawesome-django-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vintasoftware","download_url":"https://codeload.
github.com/vintasoftware/awesome-django-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243112140,"owners_count":20238183,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T00:01:09.883Z","updated_at":"2025-03-13T20:42:42.138Z","avatar_url":"https://github.com/vintasoftware.png","language":null,"funding_links":[],"categories":["Programming Language Lists","Web"],"sub_categories":["Python Lists"],"readme":"\n\u003cbr/\u003e\n\u003cdiv align=\"center\"\u003e\n\n[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)\n\n_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._\n\nSupported by: [Vinta Software](https://www.vinta.com.br)\n\u003c/div\u003e\n\u003cbr/\u003e\n\n# Awesome Django Security\n\nA collection of Django security-related tools and topics. If you are concerned about security and use django for productivity, this can be of help.\n\nIf you'd like to __contribute__ to this list, simply open a PR with your additions.\n\nMaintained by [@tcostam](https://twitter.com/tcostam). 
If you have contributions but don't have the time, give me a shout on Twitter\n\nTable of Contents\n=================\n\n   * [Libs](#libs)\n      * [MFA](#mfa)\n      * [Session Management](#session-management)\n      * [Permissions Management](#permissions-management)\n      * [Honeypots](#honeypots)\n      * [Cryptography](#cryptography)\n      * [Storage](#storage)\n      * [Other](#other)\n   * [Tools](#tools)\n   * [Vulnerabilities](#vulnerabilities)\n   * [Guidelines](#guidelines)\n   * [Documentation](#documentation)\n   * [Courses](#courses)\n   * [Talks](#talks)\n   * [Articles](#articles)\n\n## Libs\n\n### MFA\n\n* [Django Secure Auth](https://github.com/gotlium/django-secure-auth): Secure authentication by TOTP, SMS, Codes \u0026 Question. Login protected by IP ranges and with captcha\n* [Django MFA2](https://github.com/mkalioby/django-mfa2): A Django app that handles MFA; it supports TOTP, U2F, FIDO2 U2F (Webauthn), Email Token and Trusted Devices\n* [Django Two Factor Auth](https://github.com/Bouke/django-two-factor-auth): Django Two Factor Auth: Complete Two-Factor Authentication for Django providing the easiest integration into most Django projects\n\n\n### Session management\n\n* [Django Defender](https://github.com/kencochrane/django-defender): A simple super fast django reusable app that blocks people from brute forcing login attempts\n* [Django Axes](https://github.com/jazzband/django-axes): Keep track of failed login attempts in Django-powered sites\n* [Django Registration](https://github.com/ubernostrum/django-registration): django-registration is an extensible application providing user registration functionality for Django-powered Web sites\n* [Django Session Activity](https://github.com/nigma/django-session-activity): List recent account activity and sign-out from all sessions opened on other computers\n* [Django Restricted Sessions](https://github.com/mxsasha/django-restricted-sessions): Restrict Django sessions to IP and/or user agent\n* 
[Django Ratelimit Backend](https://github.com/brutasse/django-ratelimit-backend): Rate-limit your login attempts at the authentication backend level\n* [Django Session Security](https://github.com/yourlabs/django-session-security): Django Session Security: user's page activity monitoring for logging him out\n* [Django Simple Captcha](https://github.com/mbi/django-simple-captcha)\n\n### Permissions management\n\n* [DjangoRestFramework Api Key](https://github.com/florimondmanca/djangorestframework-api-key): API key permissions for the Django REST Framework\n* [Django Rules](https://github.com/maraujop/django-rules): flexible and scalable Django authorization backend for unified per object permission management\n* [Django Rules](https://github.com/dfunckt/django-rules): provides object-level permissions to Django, without requiring a database\n* [Django Role Permissions](https://github.com/vintasoftware/django-role-permissions): A django app for role based permissions\n* [Dry Rest Permissions](https://github.com/dbkaplan/dry-rest-permissions): Dry Rest Permissions: Rules based permissions for the Django Rest Framework\n* [Django Guardian](https://github.com/django-guardian/django-guardian): implementation of per-object permissions on top of Django's authorization backend.\n* [Django Authority](https://github.com/jazzband/django-authority): A Django app that provides generic per-object-permissions for Django's auth app and helpers to create custom permission checks\n* [Django Permission](https://github.com/lambdalisue/django-permission): An enhanced permission system which support object permission in Django\n* [Django Rulez](https://github.com/chrisglass/django-rulez): A lean and mean object-level rules system for the Django framework\n\n### Honeypots\n\n* [Django Admin Honeypot](https://github.com/dmpayton/django-admin-honeypot): django-admin-honeypot is a fake Django admin login screen to log and notify admins of attempted unauthorized access\n* [Django 
Honeypot](https://github.com/jamesturk/django-honeypot): Django Honeypot: Generic honeypot utilities for use in django projects\n\n### Cryptography\n\n* [Django Cryptography](https://github.com/georgemarshall/django-cryptography): Easily encrypt data in Django\n\n### Storage\n\n* [Django Safe Filefield](https://github.com/mixkorshun/django-safe-filefield): Secure file field, which allows you to restrict uploaded file extensions\n* [Django Random Filestorage](https://github.com/mxsasha/django-random-filestorage): Django storage class that assigns random filenames to all stored files\n\n### Other\n\n* [Django Security](https://github.com/sdelements/django-security): A collection of models, views, middlewares, and forms to help secure a Django project.\n* [Django Sudo](https://github.com/mattrobenolt/django-sudo): Extra security for your sensitive pages\n* [Django Impersonate](https://bitbucket.org/petersanchez/django-impersonate/): Simple app to allow superusers to login as other (non-superuser) accounts via a quick user switch process\n* [Wemake Django Template](https://github.com/wemake-services/wemake-django-template): Bleeding edge django template focused on code quality and security\n* [Django SSLify](https://github.com/rdegges/django-sslify/): Force SSL on your Django site\n* [Django Stronghold](https://github.com/mgrouchy/django-stronghold/): Make all your Django views default login_required\n* [Django Lockdown](https://github.com/Dunedan/django-lockdown): Django Lockdown: Lock down a Django site or individual views, with configurable preview authorization\n* [Impostor](https://github.com/samastur/Impostor): Django app that enables staff to log in as other users using their own credentials\n* [Django Primate](https://github.com/sorl/django-primate): A Modular Django User\n* [Django HTML Sanitizer](https://github.com/ui/django-html_sanitizer): A set of HTML input sanitization or cleaning utilities for django models, forms and templates\n* [Django Rules 
Light](https://github.com/yourlabs/django-rules-light): This is a simple alternative to django-rules. The core difference is that it uses a registry that can be modified at runtime, instead of database models.\n* [Django Inspectional Registration](https://github.com/lambdalisue/django-inspectional-registration): Django registration app with Inspection before activation\n* [Django Mongo Auth](https://github.com/mitar/django-mongo-auth): Django authentication based on an extensible MongoEngine user class\n* [HTML Sanitizer](https://github.com/matthiask/html-sanitizer): Allowlist-based HTML cleaner\n* [Bleach](https://github.com/mozilla/bleach): Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes\n\n## Tools\n\n* [Django Trawler](https://bitbucket.org/onelson/django-trawler/src/default/): This app is used to send out phishing emails and collect data on which recipients acted on them\n* [DJ Checkup](https://djcheckup.com/): basic automated security checkup for Django websites\n* [SSL Checker](https://www.sslshopper.com/ssl-checker.html): diagnose problems with your SSL certificate installation\n* [Safety](https://pyup.io/safety/): check your dependencies for known security vulnerabilities\n* [Mozilla Observatory](https://observatory.mozilla.org): The Mozilla Observatory is a set of tools to analyze your website and inform you if you are utilizing the many available methods to secure it.\n* [Snyk](https://snyk.io): CLI and build-time tool to find \u0026 fix known vulnerabilities in open-source dependencies\n\n## Vulnerabilities\n\n* [Django Debreach](https://github.com/lpomfrey/django-debreach/): Basic/extra mitigation against the BREACH attack for Django projects\n* [Django CVEs](https://www.cvedetails.com/vulnerability-list/vendor_id-10199/product_id-18211/Djangoproject-Django.html)\n* [Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for 
CVE-2019-11358)](https://seclists.org/oss-sec/2019/q2/138)\n\n## Guidelines\n\n* [Django Security Tips](https://github.com/sellonen/django-security-tips): Learn and promote secure system administration tips and practices in the Django community\n* [OWASP Python Security Project](http://www.pythonsecurity.org/)\n* [Django Security Cheat Sheet - OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/cheatsheets/Django_Security_Cheat_Sheet.html)\n* [Django REST Framework (DRF) Cheat Sheet - OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/cheatsheets/Django_REST_Framework_Cheat_Sheet.html)\n\n## Documentation\n\n* [Django Docs: Security in Django](https://docs.djangoproject.com/en/2.2/topics/security/)\n* [Django Packages: Security](https://djangopackages.org/grids/g/security/)\n* [Deployment checklist](https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/)\n* [Mozilla's tutorial on Django web application security](https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/web_application_security)\n\n## Courses\n\n* [Learn the secrets to defensive programming in Python and Django](https://www.synopsys.com/blogs/software-security/defensive-programming-python-django/)\n\n## Talks\n\n* [Terri Oda - Python Security Tools - PyCon 2019](https://www.youtube.com/watch?v=e7zzdl8OXCU)\n* [Kelsey Gilmore-Innis - Making Django Ridiculously Secure (CW) - DjangoCon US 2015](https://youtu.be/H2llNbMe-V4?si=i4-OUGvOHb4cdsrq)\n\n## Articles\n\n* [What You Need to Know to Manage Users in Django Admin](https://realpython.com/manage-users-in-django-admin/)\n* [MDN - Django web application security](https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/web_application_security)\n* [Protect Your Django Web Application From Security Threats](https://dzone.com/articles/protect-your-django-web-application-from-security-1)\n* [10 tips for making the Django Admin more 
secure](https://opensource.com/article/18/1/10-tips-making-django-admin-more-secure)\n* [Tips and Tools for Securing Django](https://www.laurencegellert.com/2019/01/tips-and-tools-for-securing-django/)\n* [Django in the wild: tips for deployment survival](https://medium.freecodecamp.org/django-in-the-wild-tips-for-deployment-survival-9b491081c2e4)\n* [Django Web Application Security](https://pt.slideshare.net/levigross/django-web-application-security)\n* [Django in the real world](https://pt.slideshare.net/jacobian/django-in-the-real-world/)\n* [XSS Exploitation in Django Applications](https://tonybaloney.github.io/posts/xss-exploitation-in-django.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvintasoftware%2Fawesome-django-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvintasoftware%2Fawesome-django-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvintasoftware%2Fawesome-django-security/lists"}