How we found our security best practices (and what they are)

A Talk presented by James Socol

Audience level

Intermediate

Category

Security

Time

September 4th, 5:10 p.m. – 5:50 p.m.


Description

Mozilla takes data security very seriously. We have AppSec, OpSec, and InfraSec teams, and our web developers have baked our security best practices into documentation and a Django app called Funfactory. Hear how we came to those best practices, what they are, and how to follow them.


Abstract

Privacy and security are key parts of Mozilla's mission, and we build some of the largest Django applications on the web, so being at the absolute forefront of security is crucial to us. And having a great user experience is, too. So over the past few years, we've developed a number of proposals, tools (like Bleach and django-ratelimit), and best practices, and we've wrapped these up into our application template Playdoh and an app called Funfactory.

I'll share those best practices and their motivations. We'll also go over a number of tools, settings, and even some fairly new web standard proposals (with tools, of course) to help you build the most secure Django applications you can, at whatever scale you're building.