👩💻 Secure Coding Policy
We adhere to the OWASP Secure Coding Practices Checklist and improve security following a risk-based approach and continuous improvement process.
Additionally, the following requirements must be met:
- All API endpoints must be added to `test_api.py`
  - We limit endpoints to certain user permissions using `permission_classes` in `views.py`
  - This ensures that only users with defined permission levels can use the endpoints
  - If this is not possible, explicit test cases must be defined
- If users with the same permission level can use one endpoint, but only with a limited dataset (e.g., list their own projects, but not those of others), this must be covered by explicit test cases.
  - We limit the available dataset using `get_queryset` methods in `views.py`, preferably using `only_permitted` methods (in `queryset.py`).
This policy applies to the projects:
Last reviewed: 13/04/2026