summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2016-04-06 13:00:38 -0400
committerTim Graham <timograham@gmail.com>2016-04-09 07:49:40 -0400
commitf6ca63a9f8b3d030097135e096c1041e09c29fd9 (patch)
tree3bbdcdc1d244faf943c36bd1ad05bcfe0d97cda7 /docs
parentb2aab09fe99b0e6e2e0357a7a794355a631c3039 (diff)
Refs #26464 -- Added a link to OWASP Top 10 in security topic guide.
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/security.txt5
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt
index 324e198410..eb1172e7e8 100644
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -273,5 +273,10 @@ security protection of the Web server, operating system and other components.
* Keep your :setting:`SECRET_KEY` a secret.
* It is a good idea to limit the accessibility of your caching system and
database using a firewall.
+* Take a look at the Open Web Application Security Project (OWASP) `Top 10
+ list`_ which identifies some common vulnerabilities in web applications. While
+ Django has tools to address some of the issues, other issues must be
+ accounted for in the design of your project.
.. _LimitRequestBody: https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody
+.. _Top 10 list: https://www.owasp.org/index.php/Top_10_2013-Top_10