Slide Deck
Engineering Software Security
Security is a non-functional requirement, which means it should be pervasive throughout the software system.
However, too often development teams treat security as an “add-on” or “module” that is tacked on at the end. It’s incredibly important to think about the various aspects of security at each phase of development. Think specifically about security in the maintenance phase and how security audits work post-release.
Step 1) Everyone should read the information at these two links: https://www.laurencegellert.com/2019/01/tips-and-tools-for-securing-django/ and https://docs.djangoproject.com/en/4.1/topics/security/
Step 2) Run these automated security checks on your app: https://djcheckup.com/, https://observatory.mozilla.org/, and also run python manage.py check --deploy
from your command line with your project.
Step 3) Answer the following questions:
1) What are some steps that these tools told your team you should take to secure your app? How hard would it be to implement them?
2) Find one simple fix that you can do and then re-run the tools. Did the results change? (If you cannot find a simple fix, explain why you cannot.)
3) What is the main problem with using automated security checking tools? Describe your reasoning.