Are you running a Django website? Security can be tricky business, and it's easy to forget something.
Results are only reliable for Django websites.
Sasha's Pony Checkup is a basic automated security checkup for Django websites. There are several security practices that can easily be probed from the outside, and this is what Sasha's Pony Checkup looks for.
Knowing what's wrong is only the first step: Sasha's Pony Checkup helps by explaining not just the risks, but also gives hints on how to best fix an issue.
This is not a replacement for a full security audit. But it is a simple and fast way of seeing several basic pressing issues. Do note that there are many vulnerabilities which cannot be detected in this way, like SQL injection or XSS.
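The page does not list which practices Sasha's Pony Checkup probes. As an illustration of the kind of check that is possible from the outside with a single HTTP response, here is an added example (not the tool's own code) that inspects response headers and cookie flags Django emits from its deployment settings. The mapping from headers and cookie names to `SESSION_COOKIE_SECURE`, `SECURE_HSTS_SECONDS` and the other settings follows Django's documented behaviour; the two sample responses are constructed, and in a real probe the headers would come from an HTTPS GET of the site's front page.

```python
"""Offline illustration of a remote Django hardening check.

Example code added to this page; it is not Sasha's Pony Checkup's own code
and the page does not say which practices that tool checks. It flags
headers and cookie flags that Django only sends when the corresponding
deployment settings are enabled.
"""
from http.cookies import SimpleCookie

# Headers Django's SecurityMiddleware / XFrameOptionsMiddleware add when the
# named setting is enabled (assumed mapping from Django's documentation).
EXPECTED_HEADERS = {
    "Strict-Transport-Security": "SECURE_HSTS_SECONDS",
    "X-Frame-Options": "XFrameOptionsMiddleware",
    "X-Content-Type-Options": "SECURE_CONTENT_TYPE_NOSNIFF",
}

# Django's default cookie names and the settings that add each flag.
# CSRF_COOKIE_HTTPONLY is deliberately not required: it is off by default
# because front-end code often needs to read the token.
COOKIE_FLAGS = {
    "sessionid": {"secure": "SESSION_COOKIE_SECURE",
                  "httponly": "SESSION_COOKIE_HTTPONLY"},
    "csrftoken": {"secure": "CSRF_COOKIE_SECURE"},
}


def check_response(headers, set_cookies):
    """Return a list of findings for one HTTPS response.

    headers: dict of header name -> value (looked up case-insensitively)
    set_cookies: list of raw Set-Cookie header values
    """
    findings = []
    lower = {k.lower(): v for k, v in headers.items()}
    for name, setting in EXPECTED_HEADERS.items():
        if name.lower() not in lower:
            findings.append(f"missing {name} header (see {setting})")
    for raw in set_cookies:
        jar = SimpleCookie()
        jar.load(raw)
        for cookie_name, morsel in jar.items():
            for flag, setting in COOKIE_FLAGS.get(cookie_name, {}).items():
                # Morsel flags are "" when absent and True when present.
                if not morsel[flag]:
                    findings.append(
                        f"{cookie_name} cookie lacks {flag} flag (see {setting})")
    return findings


# Constructed sample: a site with the hardening settings enabled.
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=31536000",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}
HARDENED_COOKIES = [
    "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "csrftoken=def456; Path=/; Secure; SameSite=Lax",
]

# Constructed sample: a site running close to Django's defaults.
WEAK_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "DENY",
}
WEAK_COOKIES = [
    "sessionid=abc123; Path=/; HttpOnly",
    "csrftoken=def456; Path=/",
]


def run_samples():
    """Check both constructed responses and return their findings."""
    return {
        "hardened": check_response(HARDENED_HEADERS, HARDENED_COOKIES),
        "weak": check_response(WEAK_HEADERS, WEAK_COOKIES),
    }


if __name__ == "__main__":
    for label, findings in run_samples().items():
        print(label, "->", findings or "no findings")
```

The hardened sample produces no findings; the weak sample reports the two missing headers and the two cookies sent without the Secure flag. Because every finding names the Django setting behind it, the output doubles as the fix hint the page describes.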
To help the ordinary developer take a step towards securing their Django projects. In June 2012, I spoke at Djangocon Europe about Building secure Django websites, which met with a great response. I was inspired to build this tool by Jessica McKellar's keynote, in which she explained how hard all this can be for people new to Django.
In addition, many experienced Django developers approached me after my talk to admit that they had made some of the errors I mentioned. Someone even made a serious error on stage the next day. This, combined with the fact that quite a few things can easily be checked remotely with a few HTTP requests, inspired me to build this.
I'm Sasha Romijn, mostly a developer and mainly focusing on Python/Django. I live in Amsterdam, The Netherlands. I'm passionate about building inclusive communities, technology and conferences, where everyone can feel welcome, valued and at home. I'm also particularly interested in issues around well-being and ethics in tech.