Give your Django pony a security checkup.

Are you running a Django website? Security can be tricky business, and it's easy to forget something.

Results are only reliable for Django websites.

What is this?

Erik's Pony Checkup is an automated security checkup for Django websites. Several security practices can easily be probed from the outside, and these are what Erik's Pony Checkup looks for.

Knowing what's wrong is only the first step: Erik's Pony Checkup helps by explaining not just the risks, but also how to best fix an issue.

This is by no means a perfect system, and it is not a replacement for a full security audit. It is, however, a simple and fast way of spotting the basic pressing issues. Do note that there are many vulnerabilities which cannot be detected in this way, such as SQL injection or XSS.

Why did you build this?

To help the ordinary developer with securing their Django projects. In June 2012, I spoke at Djangocon EU about Building secure Django websites (video/slides) which met with great response. I was inspired to build this tool by Jessica McKellar's keynote, in which she explained how hard all this can be for people new to Django.

In addition, many experienced Django developers approached me after my talk to admit that they had made some of the errors I mentioned. Someone even made a serious error on stage the next day. This, combined with the fact that quite a few things can easily be checked remotely with a few HTTP requests, inspired me to build this.

Who built this?

I'm Erik Romijn and I make things in Amsterdam, The Netherlands.