Description
Django's awesomeness unfortunately doesn't make it impenetrable. This talk will cover common pitfalls of the Django developer as seen through the eyes of a hacker or malicious user.
Abstract
Django is arguably the most secure web framework. The Django team have done an excellent job making secure-by-default decisions for our web applications in many situations. Still, the last mile in development is where the bulk of security vulnerabilities can be introduced, and Django's powerful flexibility gives developers plenty of rope to hang themselves. Understanding the vulnerabilities that can be created by common mistakes, misconceptions, and overlooked details in development will be useful for any Django user.