Mozilla Tutorial for Django web application security: https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/web_application_security

Dlint is a tool for encouraging best coding practices and helping ensure we're writing secure Python code: https://github.com/duo-labs/dlint

A collection of Django security-related tools and topics. If you are concerned about security and use django for productivity, this can be of help. https://github.com/vintasoftware/awesome-django-security

Google's extension to check for breached credentials https://www.blog.google/technology/safety-security/google-password-checkup-cross-account-protection/

Asim Hussain's very educative talk on ng-conf: 3 web app hacking cases. https://www.youtube.com/watch?v=C7D4WTLNEUQ

Python Security Best Practices Cheat Sheet https://snyk.io/blog/python-security-best-practices-cheat-sheet/

Awesome Python Security https://github.com/guardrailsio/awesome-python-security/blob/master/README.md

Awesome Python Security resources https://github.com/guardrailsio/awesome-python-security

An awesome security checklist written by Sqreen folks that you should definitely take a look into https://www.sqreen.io/checklists/saas-cto-security-checklisthttps://www.sqreen.io/checklists/saas-cto-security-checklist

Very good talk about security on web apps https://www.youtube.com/watch?v=C7D4WTLNEUQ

You should try this lib in order to keep your Rest API safe https://github.com/flipkart-incubator/Astra

You should be careful when naming your heroku apps https://www.varvet.com/blog/the-oh-shit-moment/

New browser features to secure Single Page Applications: https://techblog.commercetools.com/web-security-for-single-page-applications-great-impact-with-little-effort-a7a506cec20b

10 common security gotchas in Python and how to avoid them: https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03

Auto-incremented primary keys are not very safe, consider using uuid https://medium.com/@jdedek/using-uuids-as-primary-keys-ca1fb409bb7c

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection https://github.com/airbnb/binaryalert

Process untrusted XML safely with defusedxml Python lib: https://github.com/tiran/defusedxml

Let users paste passwords: https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords

Hacking your own password hashes to test security: https://blog.codinghorror.com/hacker-hack-thyself/

HTTPOnly flag on the session cookies helps to prevent XSSs from escalating to session hijack: https://docs.djangoproject.com/en/1.10/ref/settings/#std:setting-SESSION_COOKIE_HTTPONLY

SHA1 first collision was generated. You should be using SHA256: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Use this lib to estimate password strength in Python: https://github.com/dwolfhub/zxcvbn-python