Django Framework
12. Security
  12.1. Cross-Site Scripting (XSS) Protection
    12.1.1. Auto-Escaping in Templates
    12.1.2. Marking Safe Content
    12.1.3. `|safe` Filter
    12.1.4. `{% autoescape %}` Tag
  12.2. Cross-Site Request Forgery (CSRF) Protection
    12.2.1. CSRF Middleware
    12.2.2. Using `{% csrf_token %}` in Forms
    12.2.3. CSRF in AJAX
    12.2.4. Exempting Views from CSRF
      12.2.4.1. `@csrf_exempt`
      12.2.4.2. `@ensure_csrf_cookie`
  12.3. SQL Injection Protection
    12.3.1. ORM Query Safety
    12.3.2. Parameterized Queries
    12.3.3. Avoiding Raw SQL
    12.3.4. Safe Use of `extra()`
  12.4. Clickjacking Protection
    12.4.1. X-Frame-Options Middleware
    12.4.2. Using `@xframe_options_exempt`
    12.4.3. Using `@xframe_options_deny`
    12.4.4. Using `@xframe_options_sameorigin`
  12.5. HTTPS/SSL
    12.5.1. Enforcing HTTPS
      12.5.1.1. `SECURE_SSL_REDIRECT`
      12.5.1.2. `SECURE_PROXY_SSL_HEADER`
    12.5.2. Secure Cookies
      12.5.2.1. `SESSION_COOKIE_SECURE`
      12.5.2.2. `CSRF_COOKIE_SECURE`
    12.5.3. HSTS Settings
      12.5.3.1. `SECURE_HSTS_SECONDS`
      12.5.3.2. `SECURE_HSTS_INCLUDE_SUBDOMAINS`
      12.5.3.3. `SECURE_HSTS_PRELOAD`
    12.5.4. Content Security Policy
  12.6. User Input Validation
    12.6.1. Form Validation
    12.6.2. Model Validation
    12.6.3. File Upload Security
  12.7. The `check --deploy` Command
    12.7.1. Running Deployment Checks
    12.7.2. Interpreting Warnings and Errors
    12.7.3. Security Check Categories