django-security_skill

This skill enforces Django security best practices across authentication, authorization, CSRF, input handling, and secure deployment configurations to protect
  • JavaScript

46.5k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill affaan-m/everything-claude-code --skill django-security

  • SKILL.md15.4 KB

Overview

This skill provides a concise, battle-tested guide to hardening Django applications. It covers production settings, authentication and authorization, CSRF, XSS, SQL injection prevention, file upload safety, API defenses, and secure deployment recommendations. Use it to validate configurations and implement defensive coding patterns quickly.

How this skill works

The skill inspects common Django configuration areas and recommends secure defaults: production settings (cookies, HSTS, secret management), password hashing, session policies, and security headers. It also outlines safe coding patterns for authentication, permissions, ORM usage, template escaping, CSRF handling, file uploads, and API rate limiting and authentication. Practical code snippets and middleware patterns show exactly where to apply each control.

When to use it

  • Preparing a Django app for production deployment
  • Designing or reviewing authentication and authorization flows
  • Securing views, templates, and APIs against common attacks
  • Validating file upload and media storage policies
  • Hardening middleware and HTTP security headers

Best practices

  • Disable DEBUG in production and require SECRET_KEY via environment variables
  • Enforce secure cookies, HSTS, X-Frame-Options, and content-type protections
  • Use a strong password hasher (Argon2 preferred) and strict password validators
  • Prefer Django ORM and parameterized raw() queries; never interpolate user input into SQL
  • Enable CSRF tokens for forms and AJAX; only use csrf_exempt for trusted webhooks
  • Validate uploaded files (extension, size) and serve media from a safe domain or CDN

Example use cases

  • Set up production settings with SECURE_SSL_REDIRECT, SESSION_COOKIE_SECURE, and HSTS
  • Implement a custom user model using email as the username and Argon2 hashing
  • Add object-level permissions and RBAC mixins for admin/moderator workflows
  • Protect APIs with Token or JWT auth plus throttling and custom rate limits
  • Add CSP and security header middleware to mitigate XSS and clickjacking

FAQ

Not always, but a custom user model is recommended early if you need email-based authentication or extra fields; changing later is harder.

When is it safe to use csrf_exempt?

Only for endpoints that accept requests from trusted external services where CSRF is not applicable, and ensure alternative validation (e.g., request signatures).

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
django-security skill by affaan-m/everything-claude-code | VeilStrat