Does it support Django Rest Framework (DRF)?

Absolutely. It provides configurations for DRF permission classes, token/JWT authentication, and API rate limiting (throttling).

How does this skill help with Django production settings?

It provides a comprehensive security checklist for settings.py, including HSTS, SSL redirects, and secure cookie configurations required for production environments.

Can it help with custom user models?

Yes, it includes standardized patterns for implementing secure AbstractUser models using email as the primary identifier.

How does it handle database security?

The skill enforces safe ORM usage and provides specific guidance on correctly parameterizing raw SQL queries to prevent SQL injection attacks.

Django Security Best Practices

Name: Django Security Best Practices
Author: xu-xiang

byxu-xiang

•

Security & Testing

Implements robust security patterns and production-ready configurations for Django applications to prevent common web vulnerabilities.

The django-security skill provides Claude with specialized knowledge to harden Django applications against modern web threats. It offers production-grade settings for security headers, session management, and authentication, alongside implementation patterns for Role-Based Access Control (RBAC), SQL injection prevention via the ORM, and Cross-Site Scripting (XSS) mitigation. Whether you are bootstrapping a new project or auditing an existing codebase, this skill ensures your application adheres to industry-standard security protocols and OWASP recommendations.

Key Features

01API-specific security including rate limiting and JWT authentication.

02Comprehensive protection strategies for SQL Injection, XSS, and CSRF.

03Secure file upload validation and storage best practices.

04Production-ready security settings for HSTS, SSL, and secure cookies.

0561 GitHub stars

06Custom user model and Role-Based Access Control (RBAC) implementation patterns.

Use Cases

01Hardening a Django project for secure production deployment.

02Performing security audits on views, templates, and database queries.

03Implementing complex user permission logic and administrative roles.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add xu-xiang/everything-claude-code-zh django-security

For use in Claude.ai and ChatGPT

Download Skill