This talk will introduce several advanced security topics, and discuss how Django fares. Topics will include timing attacks, man-in-the-middle, hashing issues, brute force attacks, and several topics that can’t currently be discussed (pending fixes in core). Expect practical demonstrations of “theoretical” vulnerabilities.

The second half of the talk will focus on how we can improve Django’s security in the future. How can we improve response time and transparency for security issues? How can we make it easier to provide security enhancements for new code while retaining backwards compatibility? How can the community work to support security work that is low on the priority list for current core devs?