Callisto (http://projectcallisto.org/) is an online reporting system designed to provide a more empowering, transparent, and confidential reporting experience for college sexual assault survivors. It's absolutely essential that we keep our user's data secure. So essential, in fact, that we couldn't leave it up to developers alone. We'll go over what Django settings, libraries and practices we used to ensure that on the development end. Then we'll walk through the process of obtaining, undergoing, and acting on a formal security audit from a professional security firm. You'll find out what they were looking for, what we missed, and how we fixed it, and how you might approach similar challenges for your companies and applications.