How we found our security best practices (and what they are)
Audience level
Intermediate
Category
Security
Time
September 4th, 5:10 p.m. – 5:50 p.m.
Description
Mozilla takes data security very seriously. We have AppSec, OpSec, and InfraSec teams, and our web developers have baked our security best practices into documentation and a Django app called Funfactory. Hear how we came to those best practices, what they are, and how to follow them.
Abstract
Privacy and security are key parts of Mozilla's mission, and we build some of the largest Django applications on the web, so being at the absolute forefront of security is crucial to us. And having a great user experience is, too. So over the past few years, we've developed a number of proposals, tools (like Bleach and django-ratelimit), and best practices, and we've wrapped these up into our application template Playdoh and an app called Funfactory.
I'll share those best practices and their motivations. We'll also go over a number of tools, settings, and even some fairly new web standard proposals (with tools, of course) to help you build the most secure Django applications you can, at whatever scale you're building.