Give your Django pony a security checkup.


Are you running a Django website? Security can be tricky business, and it's easy to forget something.

Results are only reliable for Django websites. For a more extensive review, check out Secure Django.

What is this?

Erik's Pony Checkup is an automated security checkup for Django websites. Several security practices can be probed from the outside with ordinary HTTP requests, and that is what Erik's Pony Checkup looks for.

Knowing what's wrong is only the first step: Erik's Pony Checkup helps by explaining not just the risks, but also how to best fix an issue.

This is by no means a perfect system, and it is not a replacement for a full security audit. But it is a simple and fast way to spot the most basic, pressing issues. Note that many vulnerabilities cannot be detected this way at all, such as SQL injection or cross-site scripting (XSS): those require knowledge of the application's code and inputs, not just its responses.
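To make the "probed from the outside" idea concrete, here is an added example of what such a remote check looks like in code. It is not the Pony Checkup's own code and does not claim to reproduce its checks: it inspects a captured HTTP response the way an external scanner can, without any access to settings.py, and reports Django-specific signals that are visible on the wire. The strings it matches are Django defaults (the "DEBUG = True" sentence on the technical 404/500 page, the sessionid and csrftoken cookie names, the "Django administration" admin header); the Response type, the finding ids and the two sample sites are constructed for this example.

```python
"""Offline model of an external Django security check (added example)."""
import re
from dataclasses import dataclass


@dataclass
class Response:
    """One captured HTTP response: headers keyed by name, cookies as raw Set-Cookie values."""
    url: str
    status: int
    headers: dict
    cookies: list
    body: str = ""

    def header(self, name):
        # Header names are case-insensitive on the wire.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def _cookie_flags(raw):
    """Split a Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in raw.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs


def check_response(resp):
    """Return (check_id, message) findings visible in a single response."""
    findings = []
    https = resp.url.lower().startswith("https://")

    # 1. DEBUG = True: Django's technical 404/500 pages say so verbatim and
    #    leak URL patterns, settings and tracebacks to anyone who asks.
    if re.search(r"DEBUG\s*=\s*True", resp.body) or "Django Version:" in resp.body:
        findings.append(("debug", "DEBUG appears to be True: technical error page served"))

    # 2. Flags on Django's default session and CSRF cookies.
    for raw in resp.cookies:
        name, attrs = _cookie_flags(raw)
        if name == "sessionid" and "httponly" not in attrs:
            findings.append(("session_httponly", "sessionid lacks HttpOnly (SESSION_COOKIE_HTTPONLY)"))
        if name in ("sessionid", "csrftoken") and https and "secure" not in attrs:
            findings.append((name + "_secure", name + " lacks Secure over HTTPS"))

    # 3. Headers Django's security middleware can set.
    if resp.header("X-Frame-Options") is None:
        findings.append(("xfo", "no X-Frame-Options (XFrameOptionsMiddleware)"))
    if https and resp.header("Strict-Transport-Security") is None:
        findings.append(("hsts", "no Strict-Transport-Security (SECURE_HSTS_SECONDS)"))
    if (resp.header("X-Content-Type-Options") or "").lower() != "nosniff":
        findings.append(("nosniff", "no X-Content-Type-Options: nosniff (SECURE_CONTENT_TYPE_NOSNIFF)"))
    return findings


def check_admin(resp):
    """Second request: is the admin login page served at the default /admin/ path?"""
    if resp.status == 200 and "Django administration" in resp.body:
        return [("admin_default_url", "admin login served at the default /admin/ URL")]
    return []


def audit(main_resp, admin_resp):
    """Sorted list of finding ids for one site, from its front page and /admin/login/."""
    return sorted(cid for cid, _ in check_response(main_resp) + check_admin(admin_resp))


# Constructed sample responses (not real sites): a weak deployment and a hardened one.
WEAK_MAIN = Response(
    "https://weak.example.test/nonexistent/", 404, {"Content-Type": "text/html"},
    ["sessionid=abc123; Path=/", "csrftoken=xyz789; Path=/"],
    "<p>You're seeing this error because you have <code>DEBUG = True</code> "
    "in your Django settings file.</p>")
WEAK_ADMIN = Response(
    "https://weak.example.test/admin/login/", 200, {"Content-Type": "text/html"}, [],
    '<h1 id="site-name">Django administration</h1>')
HARDENED_MAIN = Response(
    "https://hardened.example.test/", 200,
    {"Content-Type": "text/html", "X-Frame-Options": "DENY",
     "Strict-Transport-Security": "max-age=31536000", "X-Content-Type-Options": "nosniff"},
    ["sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
     "csrftoken=xyz789; Path=/; Secure; SameSite=Lax"],
    "<html><body>ok</body></html>")
HARDENED_ADMIN = Response(
    "https://hardened.example.test/admin/login/", 404, {"Content-Type": "text/html"}, [],
    "Not Found")

if __name__ == "__main__":
    for label, main, admin in (("weak", WEAK_MAIN, WEAK_ADMIN),
                               ("hardened", HARDENED_MAIN, HARDENED_ADMIN)):
        print(label, audit(main, admin))
```

Run it against a live site by filling a Response from a real fetch of the front page (ideally a non-existent path, to trigger the 404 page) and of /admin/login/. Each finding maps to a Django setting or middleware, which is the point: a remote check can only see symptoms, so every finding should be confirmed against the project's settings before it is treated as fixed.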

Why did you build this?

To help the ordinary developer with securing their Django projects. In June 2012, I spoke at DjangoCon EU about Building secure Django websites (video/slides), which was met with a great response. I was inspired to build this tool by Jessica McKellar's keynote, in which she explained how hard all this can be for people new to Django.

In addition, many experienced Django developers approached me after my talk to admit that they had made some of the errors I mentioned. Someone even made a serious error on stage the next day. This, combined with the fact that quite a few things can easily be checked remotely with a few HTTP requests, inspired me to build this.

Who built this?

I'm Erik Romijn, App Maker from Amsterdam, The Netherlands. I make mobile and web apps. I do a mix of freelance work and independent projects, mostly with Django and iOS.

I live in the city of Appsterdam, where we are working to create the best place in the world to be or become an App Maker.

Looking for a more extensive review?

Pony Checkup is a start, but still very basic. For a more extensive review, check out Secure Django: security reviews for your Django projects. Your projects are reviewed with specific Django expertise, with results that are understandable and actionable for any developer, and with clear pricing agreed up front.