We all usually have a CI server that runs our tests and verifies the Python syntax and some other common programming errors using pylint. I was wondering... is there any security-focused static code analyzer that can find (security) bugs in my Django project?

For this project we're already doing peer review of the source code we commit/push, but realized that it would be nice to have "something more" to cover more ground on the security side.

asked 15 Sep '13, 19:51


andresriancho


Actually, what kind of security bugs? I never think about security when I am using Django because, as far as I know, the framework itself forces you to write secure code

such as XSS, CSRF, SQL injection

https://docs.djangoproject.com/en/dev/topics/security/


answered 16 Sep '13, 11:57


DjangoForum ♦♦

Yes, I know that the framework helps you write secure code, but you can still add SQL injections by using the raw() method of the ORM, XSS by using |safe, etc.

In small projects with skilled Django developers, it should be fine... but when the project grows you want to make sure things are safe.

(16 Sep '13, 12:08) andresriancho
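As an added illustration (not code from this thread or from any real linter), here is a minimal Python check for the two escape hatches the comment above names: `.raw()` called with SQL assembled from a formatted string, and `|safe` applied in a template. The sample view module, model name and template text are constructed for the demonstration.

```python
# Added example: AST and regex checks for string-built raw() SQL and the |safe filter.
import ast
import re

# Constructed sample Django view (hypothetical module and model names).
SAMPLE_VIEW = '''from .models import Article

def search(request):
    q = request.GET.get("q", "")
    # Unsafe: user input is spliced into the SQL text before it reaches the database.
    a = Article.objects.raw("SELECT * FROM app_article WHERE title = '%s'" % q)
    b = Article.objects.raw(f"SELECT * FROM app_article WHERE id = {q}")
    c = Article.objects.raw("SELECT * FROM app_article WHERE slug = {}".format(q))
    # Safe: the value travels separately as a bound parameter.
    d = Article.objects.raw("SELECT * FROM app_article WHERE title = %s", [q])
    return a, b, c, d
'''

# Constructed sample template.
SAMPLE_TEMPLATE = """<h1>{{ title }}</h1>
<div>{{ body|safe }}</div>
<p>{{ comment | safe }}</p>
<p>{{ summary|truncatewords:20 }}</p>"""

def _sql_is_string_built(arg: ast.expr) -> bool:
    """True when the SQL text is assembled at run time rather than a plain literal."""
    if isinstance(arg, ast.JoinedStr):                               # f"..."
        return True
    if isinstance(arg, ast.BinOp) and isinstance(arg.op, ast.Mod):   # "..." % x
        return True
    if isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute):
        return arg.func.attr == "format"                             # "...".format(x)
    return False

def find_raw_sql_with_formatting(source: str) -> list:
    """Line numbers of .raw(...) calls whose first argument is string-built SQL."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "raw" and node.args
                and _sql_is_string_built(node.args[0])):
            hits.append(node.lineno)
    return sorted(hits)

SAFE_FILTER = re.compile(r"\{\{[^}]*\|\s*safe\b")

def find_safe_filter(template: str) -> list:
    """1-based template line numbers where a variable is rendered through |safe."""
    return [n for n, line in enumerate(template.splitlines(), 1) if SAFE_FILTER.search(line)]
```

Both checks are deliberately noisy: a flagged line is a place to review, not a confirmed bug, since `|safe` on content the application itself generated is fine.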