This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

SCG WF Django

Jump to: navigation, search
This article is part of the OWASP Secure Configuration Guide.
Back to the OWASP Secure Configuration Guide ToC: Back to the OWASP Secure Configuration Guide Project:


Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of Web development, so you can focus on writing your app without needing to reinvent the wheel. It’s free and open source.

Common Misconfigurations

Django designed to automatically protect you from many of the common security mistakes that new (and even experienced) Web developers make. Django takes security seriously and helps developers avoid many common security mistakes. In most cases, security errors caused by deficiencies in the configuration. The official documentation contains detailed information about the dangers that await you in the use of the framework. For test and remediation common misconfigurations you can use a great checklist:

How to test

To automatically check you can use online services, such as:

or python packages, such as: