Security Standards - Development

• Click here for Standards

• Click here for Django / Python Code Standards

• Click here for Documentation

• Click here for HTML Code Standards

• Click here for Ember / JavaScript Code Standards

• Click here for Sys-Admin and Configuration Management

• Click here for Technology Standards

• Click here for UI Standards

• Click here for Security - Sys-Admin

We should create an AppSec Program. Start by working through these resources:

• This is an excellent video, by https://twitter.com/edgeroute, setting out a strategy for improving security of web apps: Building an AppSec Program with a Budget of $0 (Beyond the OWASP Top 10)

• The PowerPoint slides are here: misc/DevOps_Buiding-an-AppSec-Program_Chris-Romeo_AppSecEU2018.pdf

Django

Remove the admin app. To replace:

from django.contrib.admin.views.decorators import staff_member_required

Do the following:

from django.contrib.auth.decorators import user_passes_test

@user_passes_test(lambda u: u.is_staff)
def report_consent_user_download(request, pk):