
Give your Django pony a security checkup.


Are you running a Django website? Security can be tricky business, and it's easy to forget something.

Results are only reliable for Django websites.

What is this?

Erik's pony checkup is an automated security checkup for Django websites. There are several security practices that can easily be probed from the outside, and this is what Erik's pony checkup looks for.

Knowing what's wrong is only the first step. Erik's pony checkup helps by explaining not just the risks, but also how to best fix an issue.

This is by no means a perfect system, and it is not a replacement for a full security audit. But it is a simple and fast way of spotting the basic pressing issues. Do note that many vulnerabilities cannot be detected this way, such as SQL injection or cross-site scripting (XSS).

Why did you build this?

I've had an interest in security for a long time. In June 2012, I spoke at Djangocon EU about Building secure Django websites (video/slides), which met with a great response. I was inspired to build this tool by Jessica McKellar's keynote, in which she explained how hard all this can be for people new to Django.

In addition, many experienced Django developers approached me after my talk to admit that they had made some of the errors I mentioned. Someone even made a serious error on stage the next day. This, combined with the fact that quite a few things can easily be checked remotely with a few HTTP requests, inspired me to build this.
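As an added illustration of the kind of remote check described above (example code written for this page, not the pony checkup's own code, and not a list of what it actually tests), here is a small Python script that fetches a deliberately non-existent path and inspects the response for a handful of Django deployment settings that are visible from the outside: the technical 404 page that only appears with DEBUG = True, the Secure and HttpOnly flags on the sessionid and csrftoken cookies, and the X-Frame-Options and Strict-Transport-Security headers. The two sample responses are constructed inline so the checks run offline; the hostname, probe path and User-Agent string are assumptions.

```python
"""External, read-only checks for a Django site, run over HTTP responses.

Added example for this page; not the pony checkup's own code and not a
list of what it tests. Hostnames, paths and sample responses are assumptions.
"""
from dataclasses import dataclass
from urllib.error import HTTPError
from urllib.parse import urlsplit
import urllib.request

# Django's technical 404/500 pages carry this phrase; a plain "Not Found"
# page does not. Matching it is a heuristic, not a read-out of settings.py.
DEBUG_MARKER = "<code>DEBUG = True</code>"


@dataclass
class Response:
    url: str
    status: int
    headers: dict      # header name (lower-cased) -> value
    set_cookies: list  # raw Set-Cookie header values, one per cookie
    body: str


def parse_set_cookie(raw):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie header."""
    parts = [p.strip() for p in raw.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def check_response(resp):
    """Run the passive checks and return a list of human-readable findings."""
    findings = []
    over_https = urlsplit(resp.url).scheme == "https"

    if DEBUG_MARKER in resp.body:
        findings.append("DEBUG = True: technical error pages leak settings, paths and stack traces")

    for raw in resp.set_cookies:
        name, attrs = parse_set_cookie(raw)
        if name not in ("sessionid", "csrftoken"):
            continue
        # Secure only matters when the site is served over TLS.
        if over_https and "secure" not in attrs:
            findings.append(f"{name} cookie lacks Secure (SESSION_COOKIE_SECURE / CSRF_COOKIE_SECURE)")
        # csrftoken is deliberately left readable by JavaScript, so only sessionid is checked.
        if name == "sessionid" and "httponly" not in attrs:
            findings.append("sessionid cookie lacks HttpOnly (SESSION_COOKIE_HTTPONLY)")

    if "x-frame-options" not in resp.headers:
        findings.append("no X-Frame-Options header: enable XFrameOptionsMiddleware")
    if over_https and "strict-transport-security" not in resp.headers:
        findings.append("no Strict-Transport-Security header (SECURE_HSTS_SECONDS)")
    return findings


def fetch(url, timeout=10):
    """Fetch a URL with a plain GET and capture what the checks need.

    A 404 is expected when probing a bogus path, so HTTPError is treated as a
    normal response rather than a failure.
    """
    req = urllib.request.Request(url, headers={"User-Agent": "pony-checkup-example/0.1"})
    try:
        r = urllib.request.urlopen(req, timeout=timeout)
    except HTTPError as e:
        r = e
    body = r.read().decode("utf-8", "replace")
    return Response(
        url=url,
        status=r.code,
        headers={k.lower(): v for k, v in r.headers.items()},
        set_cookies=r.headers.get_all("Set-Cookie") or [],
        body=body,
    )


# Constructed sample responses (not captured from any real site).
UNHARDENED = Response(
    url="https://example.com/pony-probe-404",
    status=404,
    headers={"content-type": "text/html; charset=utf-8", "server": "nginx"},
    set_cookies=["sessionid=abc123; Path=/", "csrftoken=def456; Path=/"],
    body="<p>You're seeing this error because you have <code>DEBUG = True</code> in "
         "your Django settings file. Change that to <code>False</code>, and Django "
         "will display a standard 404 page.</p>",
)

HARDENED = Response(
    url="https://example.com/pony-probe-404",
    status=404,
    headers={
        "content-type": "text/html; charset=utf-8",
        "x-frame-options": "DENY",
        "strict-transport-security": "max-age=31536000; includeSubDomains",
    },
    set_cookies=["sessionid=abc123; Path=/; Secure; HttpOnly", "csrftoken=def456; Path=/; Secure"],
    body="<h1>Not Found</h1>",
)

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None  # e.g. https://example.com
    responses = [fetch(target.rstrip("/") + "/pony-probe-404")] if target else [UNHARDENED, HARDENED]
    for resp in responses:
        print(resp.url, resp.status)
        for finding in check_response(resp) or ["no findings"]:
            print("  -", finding)
```

Run without arguments to see the checks against the two constructed responses, or pass a base URL to probe a site you are allowed to test. Every check here is a heuristic over one response: a missing header is a real finding, but a missing DEBUG marker only means the technical 404 page was not served for this path, not that DEBUG is off.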

I am sure this is by no means finished or complete, so I'm happy to hear feedback on how to improve it and what else we could add.

Who built this?

I'm Erik Romijn, App Maker from Amsterdam, The Netherlands. I love making apps - for both mobile and web. I do a mix of freelance work and independent projects, mostly with Django and iOS.

I live in the wonderful city of Appsterdam, where we are working to create the best place in the world to be or become an App Maker.