Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vintasoftware/awesome-django-security
A collection of Django security-related tools and libs.
https://github.com/vintasoftware/awesome-django-security
List: awesome-django-security
Last synced: 24 days ago
JSON representation
A collection of Django security-related tools and libs.
- Host: GitHub
- URL: https://github.com/vintasoftware/awesome-django-security
- Owner: vintasoftware
- Created: 2019-05-23T13:19:31.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2021-11-19T12:26:21.000Z (about 3 years ago)
- Last Synced: 2024-05-18T19:59:34.608Z (7 months ago)
- Size: 21.5 KB
- Stars: 192
- Watchers: 10
- Forks: 29
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-cybersecurity - awesome-django-security - A collection of Django security-related tools and libs. (Web)
- ultimate-awesome - awesome-django-security - A collection of Django security-related tools and libs. (Programming Language Lists / Python Lists)
README
[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)
_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._
Supported by: [Vinta Software](https://www.vinta.com.br)
# Awesome Django Security
A collection of Django security-related tools and topics. If you are concerned about security and use django for productivity, this can be of help.
If you'd like to __contribute__ to this list, simply open a PR with your additions.
Maintained by [@tcostam](https://twitter.com/tcostam). If you have contributions but don't have the time, give me a shout at twitter
Table of Contents
=================* [Libs](#libs)
* [MFA](#mfa)
* [Session Management](#session-management)
* [Permissions Management](#permissions-management)
* [Honeypots](#honeypots)
* [Cryptography](#cryptography)
* [Storage](#storage)
* [Other](#other)
* [Tools](#tools)
* [Vulnerabilities](#vulnerabilities)
* [Guidelines](#guidelines)
* [Documentation](#documentation)
* [Courses](#courses)
* [Talks](#talks)
* [Articles](#articles)## Libs
### MFA
* [Django Secure Auth](https://github.com/gotlium/django-secure-auth): Secure authentication by TOTP, SMS, Codes & Question. Login protected by IP ranges and with captcha
* [Django MFA2](https://github.com/mkalioby/django-mfa2): A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Webauthn), Email Token and Trusted Devices
* [Django Two Factor Auth](https://github.com/Bouke/django-two-factor-auth): Django Two Factor Auth: Complete Two-Factor Authentication for Django providing the easiest integration into most Django projects### Session management
* [Django Defender](https://github.com/kencochrane/django-defender): A simple super fast django reusable app that blocks people from brute forcing login attempts
* [Django Axes](https://github.com/jazzband/django-axes): Keep track of failed login attempts in Django-powered sites
* [Django Registration](https://github.com/ubernostrum/django-registration): django-registration is an extensible application providing user registration functionality for Django-powered Web sites
* [Django Session Activity](https://github.com/nigma/django-session-activity): List recent account activity and sign-out from all sessions opened on other computers
* [Django Restricted Sessions](https://github.com/mxsasha/django-restricted-sessions): Restrict Django sessions to IP and/or user agent
* [Django Ratelimit Backend](https://github.com/brutasse/django-ratelimit-backend): Rate-limit your login attempts at the authentication backend level
* [Django Session Security](https://github.com/yourlabs/django-session-security): Django Session Security: user's page activity monitoring for logging him out
* [Django Simple Captcha](https://github.com/mbi/django-simple-captcha)### Permissions management
* [DjangoRestFramework Api Key](https://github.com/florimondmanca/djangorestframework-api-key): API key permissions for the Django REST Framework
* [Django Rules](https://github.com/maraujop/django-rules): flexible and scalable Django authorization backend for unified per object permission management
* [Django Rules](https://github.com/dfunckt/django-rules): provides object-level permissions to Django, without requiring a database
* [Django Role Permissions](https://github.com/vintasoftware/django-role-permissions): A django app for role based permissions
* [Dry Rest Permissions](https://github.com/dbkaplan/dry-rest-permissions): Dry Rest Permissions: Rules based permissions for the Django Rest Framework
* [Django Guardian](https://github.com/django-guardian/django-guardian): implementation of per-object permissions on top of Django's authorization backend.
* [Django Authority](https://github.com/jazzband/django-authority): A Django app that provides generic per-object-permissions for Django's auth app and helpers to create custom permission checks
* [Django Permission](https://github.com/lambdalisue/django-permission): An enhanced permission system which support object permission in Django
* [Django Rulez](https://github.com/chrisglass/django-rulez): A lean and mean object-level rules system for the Django framework### Honeypots
* [Django Admin Honeypot](https://github.com/dmpayton/django-admin-honeypot): django-admin-honeypot is a fake Django admin login screen to log and notify admins of attempted unauthorized access
* [Django Honeypot](https://github.com/jamesturk/django-honeypot): Django Honeypot: Generic honeypot utilities for use in django projects### Cryptography
* [Django Cryptography](https://github.com/georgemarshall/django-cryptography): Easily encrypt data in Django
### Storage
* [Django Safe Filefield](https://github.com/mixkorshun/django-safe-filefield): Secure file field, which allows you to restrict uploaded file extensions
* [Django Random Filestorage](https://github.com/mxsasha/django-random-filestorage): Django storage class that assigns random filenames to all stored files### Other
* [Django Security](https://github.com/sdelements/django-security): A collection of models, views, middlewares, and forms to help secure a Django project.
* [Django Sudo](https://github.com/mattrobenolt/django-sudo): Extra security for your sensitive pages
* [Django Impersonate](https://bitbucket.org/petersanchez/django-impersonate/): Simple app to allow superusers to login as other (non-superuser) accounts via a quick user switch process
* [Wemake Django Template](https://github.com/wemake-services/wemake-django-template): Bleeding edge django template focused on code quality and security
* [Django SSLify](https://github.com/rdegges/django-sslify/): Force SSL on your Django site
* [Django Stronghold](https://github.com/mgrouchy/django-stronghold/): Make all your Django views default login_required
* [Django Lockdown](https://github.com/Dunedan/django-lockdown): Django Lockdown: Lock down a Django site or individual views, with configurable preview authorization
* [Impostor](https://github.com/samastur/Impostor): Django app that enables staff to log in as other users using their own credentials
* [Django Primate](https://github.com/sorl/django-primate): A Modular Django User
* [Django HTML Sanitizer](https://github.com/ui/django-html_sanitizer): A set of HTML input sanitization or cleaning utilities for django models, forms and templates
* [Django Rules Light](https://github.com/yourlabs/django-rules-light): This is a simple alternative to django-rules. The core difference is that it uses as registry that can be modified on runtime, instead of database models.
* [Django Inspectional Registration](https://github.com/lambdalisue/django-inspectional-registration): Django registration app with Inspection before activation
* [Django Mongo Auth](https://github.com/mitar/django-mongo-auth): Django authentication based on an extensible MongoEngine user class
* [HTML Sanitizer](https://github.com/matthiask/html-sanitizer): Allowlist-based HTML cleaner
* [Bleach](https://github.com/mozilla/bleach): Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes## Tools
* [Django Trawler](https://bitbucket.org/onelson/django-trawler/src/default/): This app is used to send out phishing emails and collect data on which recipients acted on them
* [DJ Checkup](https://djcheckup.com/): basic automated security checkup for Django websites
* [SSL Checker](https://www.sslshopper.com/ssl-checker.html): diagnose problems with your SSL certificate installation
* [Safety](https://pyup.io/safety/): check your dependencies for known security vulnerabilities
* [Mozilla Observatory](https://observatory.mozilla.org): The Mozilla Observatory is a set of tools to analyze your website and inform you if you are utilizing the many available methods to secure it.
* [Snyk](https://snyk.io): CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies## Vulnerabilities
* [Django Debreach](https://github.com/lpomfrey/django-debreach/): Basic/extra mitigation against the BREACH attack for Django projects
* [Django CVEs](https://www.cvedetails.com/vulnerability-list/vendor_id-10199/product_id-18211/Djangoproject-Django.html)
* [Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)](https://seclists.org/oss-sec/2019/q2/138)## Guidelines
* [Django Security Tips](https://github.com/sellonen/django-security-tips): Learn and promote secure system administration tips and practices in the Django community
* [OWASP Python Security Project](http://www.pythonsecurity.org/)## Documentation
* [Django Docs: Security in Django](https://docs.djangoproject.com/en/2.2/topics/security/)
* [Django Packages: Security](https://djangopackages.org/grids/g/security/)
* [Deployment checklist](https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/)
* [Mozilla's tutorial on Django web application security](https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/web_application_security)## Courses
* [Learn the secrets to defensive programming in Python and Django](https://www.synopsys.com/blogs/software-security/defensive-programming-python-django/)
## Talks
* [Terri Oda - Python Security Tools - PyCon 2019](https://www.youtube.com/watch?v=e7zzdl8OXCU)
## Articles
* [What You Need to Know to Manage Users in Django Admin](https://realpython.com/manage-users-in-django-admin/)
* [MDN - Django web application security](https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/web_application_security)
* [Protect Your Django Web Application From Security Threats](https://dzone.com/articles/protect-your-django-web-application-from-security-1)
* [10 tips for making the Django Admin more secure](https://opensource.com/article/18/1/10-tips-making-django-admin-more-secure)
* [Tips and Tools for Securing Django](https://www.laurencegellert.com/2019/01/tips-and-tools-for-securing-django/)
* [Django in the wild: tips for deployment survival](https://medium.freecodecamp.org/django-in-the-wild-tips-for-deployment-survival-9b491081c2e4)
* [Django Web Application Security](https://pt.slideshare.net/levigross/django-web-application-security)
* [Django in the real world](https://pt.slideshare.net/jacobian/django-in-the-real-world/)
* [XSS Exploitation in Django Applications](https://tonybaloney.github.io/posts/xss-exploitation-in-django.html)