Tuesday 2:20 p.m.–2:45 p.m.

Making Django Really, Really, Ridiculously Secure (TW)

Kelsey Gilmore-Innis

Audience level:



So, you've gone through some checklists. You've had a pony checkup. Are you confident your Django app is secure? Really confident? Hand-it-over-to-a-team-of-expert-haxx0rs-to-tear-into confident? Find out what it's like building a Django app to store some of the most sensitive data imaginable and then undergoing a formal security audit from the best in the business.


Callisto (http://projectcallisto.org/) is an online reporting system designed to provide a more empowering, transparent, and confidential reporting experience for college sexual assault survivors. It's absolutely essential that we keep our users' data secure. So essential, in fact, that we couldn't leave it up to developers alone. We'll go over the Django settings, libraries, and practices we used to ensure that on the development side. Then we'll walk through the process of obtaining, undergoing, and acting on a formal security audit from a professional security firm. You'll find out what they were looking for, what we missed, how we fixed it, and how you might approach similar challenges for your own companies and applications.