
A collection of Django security-related tools and libs.



List inspired by the awesome list thing.

Supported by: Vinta Software


Awesome Django Security

A collection of Django security-related tools and topics. If you are concerned about security and use Django for productivity, this can be of help.

If you'd like to contribute to this list, simply open a PR with your additions.

Maintained by @tcostam. If you have contributions but don't have the time, give me a shout on Twitter.

Table of Contents

Libs

MFA

  • Django Secure Auth: Secure authentication by TOTP, SMS, Codes & Question. Login protected by IP ranges and with captcha
  • Django MFA2: A Django app that handles MFA; it supports TOTP, U2F, FIDO2 U2F (WebAuthn), Email Token and Trusted Devices
  • Django Two Factor Auth: Complete Two-Factor Authentication for Django providing the easiest integration into most Django projects

Session management

Permissions management

  • DjangoRestFramework Api Key: API key permissions for the Django REST Framework
  • Django Rules: flexible and scalable Django authorization backend for unified per object permission management
  • Django Rules: provides object-level permissions to Django, without requiring a database
  • Django Role Permissions: A Django app for role-based permissions
  • Dry Rest Permissions: Rules-based permissions for the Django REST Framework
  • Django Guardian: implementation of per-object permissions on top of Django's authorization backend.
  • Django Authority: A Django app that provides generic per-object-permissions for Django's auth app and helpers to create custom permission checks
  • Django Permission: An enhanced permission system which supports object permission in Django
  • Django Rulez: A lean and mean object-level rules system for the Django framework

Honeypots

  • Django Admin Honeypot: django-admin-honeypot is a fake Django admin login screen to log and notify admins of attempted unauthorized access
  • Django Honeypot: Generic honeypot utilities for use in Django projects

Cryptography

Storage

Other

  • Django Security: A collection of models, views, middlewares, and forms to help secure a Django project.
  • Django Sudo: Extra security for your sensitive pages
  • Django Impersonate: Simple app to allow superusers to login as other (non-superuser) accounts via a quick user switch process
  • Wemake Django Template: Bleeding-edge Django template focused on code quality and security
  • Django SSLify: Force SSL on your Django site
  • Django Stronghold: Make all your Django views default login_required
  • Django Lockdown: Lock down a Django site or individual views, with configurable preview authorization
  • Impostor: Django app that enables staff to log in as other users using their own credentials
  • Django Primate: A Modular Django User
  • Django HTML Sanitizer: A set of HTML input sanitization or cleaning utilities for Django models, forms and templates
  • Django Rules Light: This is a simple alternative to django-rules. The core difference is that it uses a registry that can be modified at runtime, instead of database models.
  • Django Inspectional Registration: Django registration app with Inspection before activation
  • Django Mongo Auth: Django authentication based on an extensible MongoEngine user class
  • HTML Sanitizer: Allowlist-based HTML cleaner
  • Bleach: Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes

Tools

  • Django Trawler: This app is used to send out phishing emails and collect data on which recipients acted on them
  • Pony Checkup: basic automated security checkup for Django websites
  • SSL Checker: diagnose problems with your SSL certificate installation
  • Safety: check your dependencies for known security vulnerabilities
  • Mozilla Observatory: The Mozilla Observatory is a set of tools to analyze your website and inform you if you are utilizing the many available methods to secure it.
  • Snyk: CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies

Vulnerabilities

Guidelines

Documentation

Courses

Talks

Articles