Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New CS proposal: Django #1035

Closed
AgoraSecurity opened this issue Dec 26, 2022 · 3 comments
Closed

New CS proposal: Django #1035

AgoraSecurity opened this issue Dec 26, 2022 · 3 comments
Labels
ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. HELP_WANTED Issue for which help is wanted to do the job. NEW_CS Issue about the creation of a new cheat sheet.

Comments

@AgoraSecurity
Copy link
Contributor

What is the proposed Cheat Sheet about?

Django

This Cheat Sheet will cover the basics, focusing on OWASP Top 10, that a developer should know regarding Django security.

What security issues are commonly encountered related to this area?

  • OWASP Top 10 - Since Django is used to build web applications, the top 10 applies.
  • Insecure settings - Insecure Django settings can have a negative impact on the Web App security.

What is the objective of the Cheat Sheet?

Give the readers a quick guide on what they should be careful. It will have the format of a list of DO and DO NOT (very similar to
DotNet Security Cheat Sheet )
Another approach can be like the Ruby on Rails Cheat Sheet, anyhow I think the DO and DO NOT will be easier to understand and follow.

What other resources exist in this area?

There's not significant work done on this (yet).
Django has a page Security in Django page
@AgoraSecurity AgoraSecurity added ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. HELP_WANTED Issue for which help is wanted to do the job. NEW_CS Issue about the creation of a new cheat sheet. labels Dec 26, 2022
@mackowski
Copy link
Collaborator

Hey @AgoraSecurity apologies for late reply. This is a very good idea!

@mackowski
Copy link
Collaborator

@AgoraSecurity do you want to create this cheatsheet? We will help you along the way!

@mackowski mackowski added ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. and removed ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. labels Feb 13, 2023
@ekmixon ekmixon mentioned this issue Feb 19, 2023
Open
This was referenced Feb 21, 2023
Open
Open
@ekmixon ekmixon mentioned this issue Feb 23, 2023
Open
@snyk-bot snyk-bot mentioned this issue Feb 26, 2023
Open
@ekmixon ekmixon mentioned this issue Mar 1, 2023
Open
arunjohnkuruvilla added a commit to arunjohnkuruvilla/CheatSheetSeries that referenced this issue Nov 29, 2023
@arunjohnkuruvilla
Add Django Security Cheat Sheet (OWASP#1035)
04b8b40
@arunjohnkuruvilla arunjohnkuruvilla mentioned this issue Nov 29, 2023
Merged
jmanico pushed a commit that referenced this issue Nov 29, 2023
@arunjohnkuruvilla
Add Django Security Cheat Sheet (#1035) (#1238)
f2bfcb2 
* Add Django Security Cheat Sheet (#1035)

* Update Django_Security_Cheat_Sheet.md
@Cmaiek
Copy link
Contributor

Cmaiek commented Dec 14, 2023

I believe the issue has been resolved with commit f2bfcb2 (PR #1238 )?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. HELP_WANTED Issue for which help is wanted to do the job. NEW_CS Issue about the creation of a new cheat sheet.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@AgoraSecurity @Cmaiek @mackowski and others