Pentester by day, web developer by night. After graduating as a physicist in Tübingen, Germany, in 2013, Pascal started working as a penetration tester for web applications, mobile applications, and Windows networks. In 2018, he started to work on his own web application. Having written a couple of Python scripts before, Pascal was happy to find Django as a Python-based web framework with a strong security focus.
Django can make you feel like you are in security heaven, and yet there are some pitfalls to avoid. In this talk, I want to praise Django design choices, give an overview of Django's security features and their limitations, and conclude with some general security best practices to keep in mind.