Overview of common security vulnerabilities in web applications, examples in Django: https://lchsk.com/stay-paranoid-and-trust-no-one-overview-of-common-security-vulnerabilities-in-web-applications.html

Hands-On Web Application Security with Django - PyCon 2019 https://www.youtube.com/watch?v=8W4MGggwgfM

LGTM, a continuous security analysis. A code analysis platform for finding zero-days and preventing critical vulnerabilities https://lgtm.com/

Safely install packages with npm or yarn by auditing them as part of your install process: https://github.com/lirantal/npqhttps://github.com/lirantal/npq

API Security Best Practices MegaGuide: https://expeditedsecurity.com/api-security-best-practices-megaguide/

Preventing the Top Security Weaknesses Found in Stack Overflow Code Snippets: https://stackoverflow.blog/2019/12/02/preventing-the-top-security-weaknesses-found-in-stack-overflow-code-snippets/

Bust-A-Kube CTF: attacking and defending Kubernetes https://www.youtube.com/watch?v=2fmAuR3rnBo

Modern password security for system designers https://cloud.google.com/solutions/modern-password-security-for-system-designers.pdf

Small Python library that makes it easy to exploit race conditions in web apps with Requests https://github.com/nccgroup/requests-racer

Free hackademy from Intigriti launches today https://twitter.com/intigriti/status/1171787597124947968?s=08

Some start measures one can take to mitigate the possibility of getting servers hacked https://askubuntu.com/questions/1139459/is-someone-trying-to-hack-my-server/1139463#1139463

Mozilla Tutorial for Django web application security: https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/web_application_security

Dlint is a tool for encouraging best coding practices and helping ensure we're writing secure Python code: https://github.com/duo-labs/dlint

A collection of Django security-related tools and topics. If you are concerned about security and use django for productivity, this can be of help. https://github.com/vintasoftware/awesome-django-security

Google's extension to check for breached credentials https://www.blog.google/technology/safety-security/google-password-checkup-cross-account-protection/

Asim Hussain's very educative talk on ng-conf: 3 web app hacking cases. https://www.youtube.com/watch?v=C7D4WTLNEUQ

Python Security Best Practices Cheat Sheet https://snyk.io/blog/python-security-best-practices-cheat-sheet/

Awesome Python Security https://github.com/guardrailsio/awesome-python-security/blob/master/README.md

Awesome Python Security resources https://github.com/guardrailsio/awesome-python-security

An awesome security checklist written by Sqreen folks that you should definitely take a look into https://www.sqreen.io/checklists/saas-cto-security-checklisthttps://www.sqreen.io/checklists/saas-cto-security-checklist

Very good talk about security on web apps https://www.youtube.com/watch?v=C7D4WTLNEUQ

You should try this lib in order to keep your Rest API safe https://github.com/flipkart-incubator/Astra

You should be careful when naming your heroku apps https://www.varvet.com/blog/the-oh-shit-moment/

New browser features to secure Single Page Applications: https://techblog.commercetools.com/web-security-for-single-page-applications-great-impact-with-little-effort-a7a506cec20b

10 common security gotchas in Python and how to avoid them: https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03

Auto-incremented primary keys are not very safe, consider using uuid https://medium.com/@jdedek/using-uuids-as-primary-keys-ca1fb409bb7c

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection https://github.com/airbnb/binaryalert

Process untrusted XML safely with defusedxml Python lib: https://github.com/tiran/defusedxml

Let users paste passwords: https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords

Hacking your own password hashes to test security: https://blog.codinghorror.com/hacker-hack-thyself/

HTTPOnly flag on the session cookies helps to prevent XSSs from escalating to session hijack: https://docs.djangoproject.com/en/1.10/ref/settings/#std:setting-SESSION_COOKIE_HTTPONLY

SHA1 first collision was generated. You should be using SHA256: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Use this lib to estimate password strength in Python: https://github.com/dwolfhub/zxcvbn-python