Metadata-Version: 2.4
Name: django-security-suite
Version: 1.0.0
Summary: Enterprise-grade security suite for Django applications with ISO 27001 and OWASP Top 10 compliance
Author-email: Django Security Suite Team <security@django-security-suite.org>
License: MIT
Project-URL: Homepage, https://github.com/django-security-suite/django-security-suite
Project-URL: Documentation, https://django-security-suite.readthedocs.io
Project-URL: Repository, https://github.com/django-security-suite/django-security-suite
Project-URL: Issues, https://github.com/django-security-suite/django-security-suite/issues
Project-URL: Changelog, https://github.com/django-security-suite/django-security-suite/blob/main/CHANGELOG.md
Keywords: django,security,authentication,encryption,audit,ISO27001,OWASP,rate-limiting,session-security,input-validation,data-protection,compliance
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Framework :: Django :: 4.2
Classifier: Framework :: Django :: 5.0
Classifier: Framework :: Django :: 5.2
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
Classifier: Topic :: Internet :: WWW/HTTP :: WSGI
Classifier: Topic :: Security
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: django>=4.2
Requires-Dist: djangorestframework>=3.14.0
Requires-Dist: bleach>=6.0.0
Requires-Dist: cryptography>=40.0.0
Requires-Dist: django-axes>=6.0.0
Requires-Dist: django-crypto-fields>=0.4.0
Requires-Dist: python-decouple>=3.8
Requires-Dist: redis>=4.5.0
Requires-Dist: itsdangerous>=2.1.0
Requires-Dist: requests>=2.31.0
Requires-Dist: python-magic>=0.4.27
Provides-Extra: mfa
Requires-Dist: django-otp>=1.3.0; extra == "mfa"
Requires-Dist: qrcode>=7.4.0; extra == "mfa"
Provides-Extra: postgres
Requires-Dist: psycopg[binary,pool]>=3.1.0; extra == "postgres"
Provides-Extra: production
Requires-Dist: gunicorn>=23.0.0; extra == "production"
Requires-Dist: whitenoise>=6.5.0; extra == "production"
Provides-Extra: dev
Requires-Dist: pytest>=7.0.0; extra == "dev"
Requires-Dist: pytest-django>=4.5.0; extra == "dev"
Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
Requires-Dist: pytest-env>=1.0.0; extra == "dev"
Requires-Dist: black>=23.0.0; extra == "dev"
Requires-Dist: ruff>=0.1.0; extra == "dev"
Requires-Dist: mypy>=1.0.0; extra == "dev"
Requires-Dist: django-stubs>=4.0.0; extra == "dev"
Requires-Dist: types-requests>=2.31.0; extra == "dev"
Requires-Dist: types-redis>=4.5.0; extra == "dev"
Provides-Extra: docs
Requires-Dist: mkdocs>=1.5.0; extra == "docs"
Requires-Dist: mkdocs-material>=9.0.0; extra == "docs"
Requires-Dist: mkdocstrings[python]>=0.24.0; extra == "docs"
Requires-Dist: mkdocs-autorefs>=0.5.0; extra == "docs"
Provides-Extra: all
Requires-Dist: django-security-suite[dev,docs,mfa,postgres,production]; extra == "all"
Dynamic: license-file

# Django Security Suite

[![PyPI version](https://badge.fury.io/py/django-security-suite.svg)](https://badge.fury.io/py/django-security-suite)
[![Python Support](https://img.shields.io/pypi/pyversions/django-security-suite.svg)](https://pypi.org/project/django-security-suite/)
[![Django Support](https://img.shields.io/badge/django-4.2%20|%205.0%20|%205.2-blue.svg)](https://www.djangoproject.com/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![Coverage](https://img.shields.io/codecov/c/github/django-security-suite/django-security-suite.svg)](https://codecov.io/gh/django-security-suite/django-security-suite)

Enterprise-grade security suite for Django applications: controls for the OWASP Top 10 risk categories, plus audit and reporting features mapped to ISO 27001 controls.

## 🔒 Features

### Core Security
- **🛡️ Security Headers**: Automatic CSP, HSTS, X-Frame-Options configuration
- **⚡ Rate Limiting**: Redis-backed rate limiting with sliding window algorithm
- **🔍 Suspicious Pattern Detection**: Signature-based detection of SQL injection, XSS, and path traversal payloads in requests; a tripwire for logging and banning, not a replacement for parameterized queries and output escaping
- **📏 Request Size Limiting**: DoS protection through request size enforcement

### Authentication & Session Security
- **🔐 Brute Force Protection**: Account lockout with exponential backoff
- **⏰ Session Security**: Absolute timeout, inactivity timeout, IP binding (clients on mobile networks or behind rotating NAT change address mid-session and will be logged out; weigh that before binding)
- **🔑 Password Validators**: Have I Been Pwned (HIBP) integration, complexity requirements, history tracking
- **📱 MFA Support**: TOTP/HOTP through django-otp integration (`mfa` extra)

### Data Protection
- **🔒 Searchable Encryption**: Encrypted fields with substring search capability
- **🔑 Field Encryption**: Integration with django-crypto-fields
- **📝 Key Management**: Secure key rotation and versioning
- **🔍 N-gram Indexing**: Privacy-preserving search on encrypted data

### Input Validation & Sanitization
- **✨ Auto-sanitization**: HTML sanitization via bleach and rejection of SQL and script injection payloads; works alongside, not instead of, the ORM's parameterized queries and template auto-escaping
- **📧 Strict Validators**: Email, URL, phone number validation
- **🧹 DRF Integration**: Secure serializer fields with built-in validation
- **🚫 Injection Prevention**: Protection against XSS, SQL injection, command injection

### Audit & Compliance
- **📊 Tamper-evident Audit Logs**: Hash-chained audit trail
- **🔍 API Request Logging**: Complete request/response capture
- **😷 PII Masking**: Automatic PII detection and redaction
- **📋 Compliance Reports**: ISO 27001 and OWASP Top 10 mapping

## 📦 Installation

```bash
pip install django-security-suite
```

For additional features:
```bash
# With MFA support
pip install "django-security-suite[mfa]"

# With PostgreSQL optimizations
pip install "django-security-suite[postgres]"

# All features
pip install "django-security-suite[all]"
```

## 🚀 Quick Start

### 1. Add to INSTALLED_APPS

```python
INSTALLED_APPS = [
    # Django apps
    'django.contrib.admin',
    'django.contrib.auth',
    # ...

    # Django Security Suite
    'django_security_suite',
    'django_security_suite.authentication',
    'django_security_suite.encryption',
    'django_security_suite.validation',
    'django_security_suite.audit',

    # Required dependencies
    'axes',
    'django_crypto_fields',

    # Only with the "mfa" extra (django-otp is not installed by default)
    'django_otp',
    'django_otp.plugins.otp_totp',
]
```

### 2. Apply Secure Defaults

```python
# settings.py
from django_security_suite.conf import apply_secure_defaults

# Choose a risk profile: 'strict', 'moderate', or 'relaxed'
apply_secure_defaults(globals(), preset='moderate')

# Then override individual settings on top of the preset
DJANGO_SEC = {
    'RISK_PROFILE': 'moderate',
    'ENABLE_RATE_LIMITING': True,
    'ENABLE_AUDIT_LOGGING': True,
    'AUTH_PROTECTION': {
        'MAX_LOGIN_ATTEMPTS': 5,
        'LOCKOUT_DURATION': 900,  # 15 minutes
    },
    'SESSION_SECURITY': {
        'ABSOLUTE_TIMEOUT': 28800,  # 8 hours
        'INACTIVITY_TIMEOUT': 3600,  # 1 hour
    },
}
```

### 3. Update Middleware

```python
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',

    # Django Security Suite middleware
    'django_security_suite.core.middleware.SecurityHeadersMiddleware',
    'django_security_suite.core.middleware.RateLimitingMiddleware',
    'django_security_suite.authentication.middleware.SessionSecurityMiddleware',
    'django_security_suite.authentication.middleware.BruteForceProtectionMiddleware',
    'django_security_suite.audit.middleware.AuditLoggingMiddleware',

    # Rest of your middleware...
    # Any middleware that reads request.session or request.user must sit after
    # Django's SessionMiddleware and AuthenticationMiddleware; confirm the exact
    # position of each entry against the configuration reference.
]
```

### 4. Run Migrations

```bash
python manage.py migrate
```
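
The `AUTH_PROTECTION` and `SESSION_SECURITY` values in step 2 state policy; what enforcing them involves is easier to see in code. The block below is an added example, not django-security-suite's implementation: a lockout counter keyed by (username, client IP) whose lockout doubles on each repeat, and a session check that applies the absolute and inactivity timeouts. The class and function names, the 24-hour cap on the doubling, and the choice of key are assumptions.

```python
"""Added example: lockout with exponential backoff and session timeout checks.
Not django-security-suite's own code; names are hypothetical."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Key = Tuple[str, str]  # (username, client IP)


@dataclass
class LockoutPolicy:
    max_attempts: int = 5       # AUTH_PROTECTION.MAX_LOGIN_ATTEMPTS
    base_lockout: int = 900     # AUTH_PROTECTION.LOCKOUT_DURATION, seconds
    max_lockout: int = 86400    # cap on the doubling (assumption, not a page setting)


@dataclass
class _Counter:
    failures: int = 0           # failures since the last lockout or success
    lockouts: int = 0           # consecutive lockouts; drives the backoff exponent
    locked_until: float = 0.0   # epoch seconds; 0 means not locked


class BruteForceGuard:
    """Keyed by (username, IP): an attacker cannot lock a victim out from
    elsewhere (the problem with username-only keying), and one shared IP
    cannot be cut off for everyone behind it (the problem with IP-only keying).
    A rotating-IP attack on a single username still needs a per-username rate
    limit or alert on top of this."""

    def __init__(self, policy: Optional[LockoutPolicy] = None):
        self.policy = policy or LockoutPolicy()
        self._counters: Dict[Key, _Counter] = {}

    def is_locked(self, key: Key, now: float) -> bool:
        c = self._counters.get(key)
        return c is not None and now < c.locked_until

    def record_failure(self, key: Key, now: float) -> Optional[float]:
        """Count a failed login. Returns the lockout expiry if this failure
        triggered a lockout, else None. Attempts made while locked are not
        counted: the view must reject them before checking the password."""
        if self.is_locked(key, now):
            return None
        c = self._counters.setdefault(key, _Counter())
        c.failures += 1
        if c.failures < self.policy.max_attempts:
            return None
        c.lockouts += 1
        duration = min(self.policy.base_lockout * 2 ** (c.lockouts - 1), self.policy.max_lockout)
        c.locked_until = now + duration
        c.failures = 0              # the next lockout needs max_attempts fresh failures
        return c.locked_until

    def record_success(self, key: Key) -> None:
        # A real login resets both the failure count and the backoff exponent.
        self._counters.pop(key, None)


def session_status(created_at: float, last_activity: float, now: float,
                   absolute_timeout: int = 28800, inactivity_timeout: int = 3600) -> str:
    """SESSION_SECURITY check: the absolute timeout counts from session
    creation, the inactivity timeout from the last request, and the absolute
    limit is checked first so activity cannot extend a session past it."""
    if now - created_at >= absolute_timeout:
        return "expired:absolute"
    if now - last_activity >= inactivity_timeout:
        return "expired:inactive"
    return "active"
```

In production the counters live in Redis with a TTL rather than a dict, and the lockout response should be the same generic "invalid credentials" page as a wrong password so the lockout itself does not confirm which usernames exist.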

## 📚 Usage Examples

### Encrypted Fields with Search

```python
from django.contrib.auth.models import AbstractUser
from django_crypto_fields.fields import EncryptedCharField  # from django-crypto-fields
from django_security_suite.encryption.fields import SearchableEncryptedTextField

class User(AbstractUser):
    # Searchable encrypted field: ciphertext plus an n-gram index for substring queries
    phone_number = SearchableEncryptedTextField(max_length=20, blank=True)

    # Encrypted field without search (django-crypto-fields); a plain CharField
    # would store the SSN in clear text
    ssn = EncryptedCharField(max_length=11, blank=True)

# Substring query on the encrypted column, served by the n-gram index
users = User.objects.filter(phone_number__contains='555')
```
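
How a column can be both encrypted and substring-searchable is worth understanding before trusting it with phone numbers. The following is an added illustration of the n-gram blind-index technique, not the suite's `SearchableEncryptedTextField`; the class name, the trigram size, the 64-bit token truncation and the use of a plain dict in place of the encrypted column are assumptions.

```python
"""Added example: a keyed n-gram blind index, the technique that lets an
encrypted column answer substring queries. Not django-security-suite's own
code; class and function names are hypothetical."""
import hashlib
import hmac
from typing import Dict, List, Set

NGRAM = 3  # trigram index: the shortest searchable substring is 3 characters


def normalize(value: str) -> str:
    # Case-fold and drop whitespace so "+1 555 0100" and "+15550100" index alike.
    return "".join(value.lower().split())


def ngrams(value: str, n: int = NGRAM) -> Set[str]:
    v = normalize(value)
    return {v[i:i + n] for i in range(len(v) - n + 1)}


def blind_tokens(value: str, index_key: bytes, n: int = NGRAM) -> Set[str]:
    # HMAC each n-gram under a key separate from the encryption key; without
    # the key the stored tokens say nothing about the plaintext. Truncated to
    # 64 bits to keep the index small (collisions only add false positives).
    return {hmac.new(index_key, g.encode("utf-8"), hashlib.sha256).hexdigest()[:16]
            for g in ngrams(value, n)}


class SearchableIndex:
    def __init__(self, index_key: bytes):
        self._key = index_key
        self._tokens: Dict[int, Set[str]] = {}   # pk -> blind tokens, stored next to the ciphertext
        self._vault: Dict[int, str] = {}         # stands in for the encrypted column, decrypted on demand

    def store(self, pk: int, value: str) -> None:
        self._tokens[pk] = blind_tokens(value, self._key)
        self._vault[pk] = value

    def candidates(self, query: str) -> List[int]:
        """Rows whose index holds every n-gram of the query. Necessary but not
        sufficient: 'abcd' matches a row holding 'abcxyzbcd' (abc and bcd both
        present) even though 'abcd' never occurs in it."""
        q = normalize(query)
        if len(q) < NGRAM:
            raise ValueError(f"query must be at least {NGRAM} characters; shorter substrings are not indexed")
        wanted = blind_tokens(q, self._key)
        return sorted(pk for pk, toks in self._tokens.items() if wanted <= toks)

    def search(self, query: str) -> List[int]:
        """Decrypt only the candidate rows and drop the n-gram false positives."""
        q = normalize(query)
        return [pk for pk in self.candidates(query) if q in normalize(self._vault[pk])]
```

Two properties to keep in mind when using any index of this shape: the tokens are deterministic, so rows sharing an n-gram are linkable and token frequencies leak something about the plaintext distribution; and the index key must be rotated together with a full re-index, since changing it silently breaks every search.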

### Rate Limiting

```python
from django.http import JsonResponse
from django_security_suite.core.decorators import rate_limit

# 10 requests per minute per authenticated user
@rate_limit(limit='10/m', key='user')
def api_endpoint(request):
    return JsonResponse({'status': 'ok'})
```
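
The decorator hides two decisions that matter for security: how the window slides and who the key identifies. This added example (mine, not django-security-suite's middleware) shows the bookkeeping a Redis-backed sliding window does per key, with a deque standing in for the sorted set, and the key derivation that decides when `X-Forwarded-For` may be believed. The names and the `'100/5m'` multiplier syntax are assumptions.

```python
"""Added example: sliding-window limiter and client key derivation.
Not django-security-suite's own code; names are hypothetical."""
import re
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, Optional, Tuple

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_limit(spec: str) -> Tuple[int, int]:
    """'10/m' -> (10, 60); '100/5m' -> (100, 300). The '10/m' spelling matches
    the decorator above; the multiplier form is an assumption."""
    m = re.fullmatch(r"\s*(\d+)\s*/\s*(\d*)\s*([smhd])\s*", spec)
    if not m:
        raise ValueError(f"bad rate limit spec: {spec!r}")
    count, multiplier, unit = m.groups()
    return int(count), int(multiplier or 1) * _UNITS[unit]


def client_key(user_id: Optional[int], remote_addr: str,
               x_forwarded_for: Optional[str], behind_trusted_proxy: bool) -> str:
    """Limit authenticated users by id and everyone else by IP. X-Forwarded-For
    is client-controlled: honour it only when your own proxy appends to it, and
    then take the rightmost entry, which is the one that proxy added."""
    if user_id is not None:
        return f"user:{user_id}"
    ip = remote_addr
    if behind_trusted_proxy and x_forwarded_for:
        ip = x_forwarded_for.split(",")[-1].strip()
    return f"ip:{ip}"


class SlidingWindowLimiter:
    """Log-based sliding window. In Redis each key is a sorted set scored by
    timestamp: ZADD the hit, ZREMRANGEBYSCORE the expired ones, ZCARD to count,
    all in one MULTI/EXEC or Lua script so concurrent requests cannot race
    past the limit. A deque of timestamps stands in for the sorted set here."""

    def __init__(self, spec: str, clock: Callable[[], float]):
        self.limit, self.window = parse_limit(spec)
        self._clock = clock
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def _evict(self, key: str, now: float) -> Deque[float]:
        hits = self._hits[key]
        while hits and hits[0] <= now - self.window:
            hits.popleft()
        return hits

    def allow(self, key: str) -> bool:
        now = self._clock()
        hits = self._evict(key, now)
        if len(hits) >= self.limit:
            return False   # rejected hits are not recorded, so a burst cannot extend its own block
        hits.append(now)
        return True

    def retry_after(self, key: str) -> float:
        """Seconds until a slot frees up, for the Retry-After header on a 429."""
        now = self._clock()
        hits = self._evict(key, now)
        if len(hits) < self.limit:
            return 0.0
        return hits[0] + self.window - now
```

Not recording rejected hits is a deliberate choice: it keeps a legitimate client from being pushed further out by its own retries, at the cost of letting an attacker probe at exactly the limit. If the endpoint is a login or OTP check, pair the limiter with the lockout logic rather than relying on it alone.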

### Input Validation

```python
from django_security_suite.validation.serializers import SecureSerializer
from django_security_suite.validation.fields import SecureCharField, SecureEmailField

class UserSerializer(SecureSerializer):
    name = SecureCharField(max_length=100)
    email = SecureEmailField()
    bio = SecureCharField(max_length=500, sanitize_html=True)
```

### Audit Logging

```python
from datetime import timedelta

from django.utils import timezone
from django_security_suite.audit.decorators import audit_log
from django_security_suite.audit.models import AuditLog

# Record an audit entry for each call of the view
@audit_log(action='user.login', include_ip=True)
def login_view(request):
    # Login logic
    pass

# Query audit logs
recent_logins = AuditLog.objects.filter(
    action='user.login',
    created_at__gte=timezone.now() - timedelta(hours=24)
)
```
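
"Tamper-evident" in the feature list means each entry commits to the one before it. The block below is an added example of that hash chain and of the verifier that finds the first broken link; it is not the suite's `AuditLog` model, and the entry layout, the optional HMAC key and the function names are assumptions.

```python
"""Added example: a hash-chained (optionally HMAC-keyed) audit log and the
verifier that locates the first tampered entry. Not django-security-suite's
own code; names are hypothetical."""
import hashlib
import hmac
import json
from typing import Any, Dict, List, Optional, Tuple

GENESIS = "0" * 64  # prev_hash of the first entry


def canonical(entry: Dict[str, Any]) -> bytes:
    # Fixed key order and separators: the same entry must always hash the same.
    return json.dumps(entry, sort_keys=True, separators=(",", ":"), ensure_ascii=True).encode("utf-8")


class AuditChain:
    def __init__(self, mac_key: Optional[bytes] = None):
        # With a key this is an HMAC chain: someone who can rewrite the table
        # but lacks the key cannot recompute a consistent tail after an edit.
        self._mac_key = mac_key
        self.entries: List[Dict[str, Any]] = []

    def _digest(self, payload: bytes) -> str:
        if self._mac_key is None:
            return hashlib.sha256(payload).hexdigest()
        return hmac.new(self._mac_key, payload, hashlib.sha256).hexdigest()

    def append(self, action: str, actor: str, **fields: Any) -> Dict[str, Any]:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "action": action, "actor": actor, "prev_hash": prev, **fields}
        entry["hash"] = self._digest(canonical(entry))
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """None if every link holds; otherwise the seq of the first entry whose
        sequence number, back-link or digest is wrong."""
        prev = GENESIS
        for position, entry in enumerate(self.entries):
            if entry.get("seq") != position or entry.get("prev_hash") != prev:
                return position
            body = {k: v for k, v in entry.items() if k != "hash"}
            if not hmac.compare_digest(self._digest(canonical(body)), entry.get("hash", "")):
                return position
            prev = entry["hash"]
        return None

    def head(self) -> Tuple[int, str]:
        """(length, last hash). Publish this out of band (an append-only store,
        a signed timestamp, a separate system): a chain alone cannot tell that
        its newest entries were deleted, because the truncated log still verifies."""
        return len(self.entries), (self.entries[-1]["hash"] if self.entries else GENESIS)
```

An unkeyed chain only proves that the log is internally consistent; whoever can write the table can rewrite history and recompute every hash after the edit. The HMAC key closes that gap only if the application that appends entries cannot also be used to forge them at will, which in practice means anchoring `head()` somewhere the application cannot overwrite.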

## 🔧 Configuration

### Risk Profiles

Django Security Suite provides three pre-configured risk profiles:

| Profile | Use Case | Security Level | Performance Impact |
|---------|----------|----------------|-------------------|
| **Strict** | Production systems with sensitive data | Maximum | Higher |
| **Moderate** | Standard production systems | Balanced | Medium |
| **Relaxed** | Development and testing | Basic | Minimal |

### Environment Variables

```bash
# .env file
SECRET_KEY=your-secret-key-minimum-50-characters
DEBUG=False
ALLOWED_HOSTS=yourdomain.com
REDIS_URL=redis://localhost:6379/0
DJANGO_CRYPTO_FIELDS_KEY_PATH=/secure/path/crypto_keys
SECURITY_RISK_PROFILE=moderate
```

## 🛠️ Advanced Features

### Custom Password Validators

```python
DJANGO_SEC = {
    'PASSWORD_VALIDATORS': [
        {
            'NAME': 'django_security_suite.authentication.validators.MinimumLengthValidator',
            'OPTIONS': {'min_length': 12}
        },
        {
            'NAME': 'django_security_suite.authentication.validators.BreachedPasswordValidator',
        },
        {
            'NAME': 'django_security_suite.authentication.validators.PasswordReuseValidator',
            'OPTIONS': {'history_limit': 5}
        },
    ],
}
```
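
The `BreachedPasswordValidator` above checks candidates against Have I Been Pwned. The added example below (mine, not the suite's validator) shows the k-anonymity range query that makes such a check acceptable: only the first five hex characters of the SHA-1 leave the host, and the suffix comparison happens locally. The HTTP call is replaced by a constructed response so it runs offline; the breach counts are made up, the padding line is there to show why a count of 0 must not be treated as a hit, and the fail-open/fail-closed switch is an assumption about configuration.

```python
"""Added example: breached-password check against the HIBP range API with
k-anonymity. Not django-security-suite's own code; the API response below is
constructed and the validator class is a hypothetical stand-in."""
import hashlib
from typing import Callable, Dict, Optional, Tuple


def split_sha1(password: str) -> Tuple[str, str]:
    """Upper-case SHA-1 split into the 5-hex-char prefix that is sent to
    https://api.pwnedpasswords.com/range/<prefix> and the 35-char suffix that
    stays on the host: the service only ever sees 20 bits of the hash."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> Dict[str, int]:
    """Body lines are '<SUFFIX>:<COUNT>'. With the Add-Padding header the
    service mixes in suffixes with count 0; those are not breaches."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    prefix, suffix = split_sha1(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


# Constructed stand-in for the network call: one range holding the suffix of
# SHA-1("password") plus a padding line. Real responses hold hundreds of lines
# and the counts are not these numbers.
_FAKE_RANGES = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\n"
        "ABCDEF0123456789ABCDEF0123456789ABC:0\n"
    ),
}


def fake_fetch_range(prefix: str) -> str:
    return _FAKE_RANGES.get(prefix, "")


class BreachedPasswordValidator:
    """Shape of a Django password validator (validate/get_help_text). The
    fail_closed switch decides what happens when the service is unreachable:
    open keeps sign-ups working, closed refuses passwords it could not vet."""

    def __init__(self, fetch_range: Callable[[str], str] = fake_fetch_range,
                 threshold: int = 1, fail_closed: bool = False):
        self.fetch_range = fetch_range
        self.threshold = threshold
        self.fail_closed = fail_closed

    def check(self, password: str) -> Optional[str]:
        """Return an error message, or None if the password is acceptable."""
        try:
            n = breach_count(password, self.fetch_range)
        except OSError as exc:
            return f"breach check unavailable: {exc}" if self.fail_closed else None
        if n >= self.threshold:
            return f"this password appears {n} times in known breaches"
        return None

    def validate(self, password: str, user=None) -> None:
        # The Django version raises ValidationError here; ValueError keeps this stdlib-only.
        message = self.check(password)
        if message:
            raise ValueError(message)

    def get_help_text(self) -> str:
        return "Your password must not appear in known data breaches."
```

Whichever way the fail-open choice goes, the outcome should be logged: a run of "unavailable" results during a registration campaign is itself a signal, and a silently fail-open check is indistinguishable from no check at all.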

### Content Security Policy

```python
from django.shortcuts import render
from django_security_suite.core.decorators import csp_update

# Extend the base policy for this view only
@csp_update(script_src=["'self'", "https://cdn.example.com"])
def view_with_external_scripts(request):
    return render(request, 'template.html')
```
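
Allowlisting `https://cdn.example.com` as above trusts every script that host serves, including other tenants' files on a shared CDN. The added example below (mine, not the suite's decorator) merges per-view directives into a base policy in the same spirit, adds a per-response nonce as the alternative to host allowlists, and lints a policy for the settings that make `script-src` ineffective. The base policy and the function names are assumptions.

```python
"""Added example: building, rendering and linting a Content-Security-Policy.
Not django-security-suite's own code; names are hypothetical."""
import secrets
from typing import Dict, Iterable, List, Optional

BASE_POLICY: Dict[str, List[str]] = {
    "default-src": ["'self'"],
    "script-src": ["'self'"],
    "object-src": ["'none'"],
    "base-uri": ["'self'"],
    "frame-ancestors": ["'none'"],   # the CSP counterpart of X-Frame-Options: DENY
}


def csp_update(base: Dict[str, List[str]], **updates: Iterable[str]) -> Dict[str, List[str]]:
    """Merge per-view additions into a copy of the base policy; keyword names
    use underscores (script_src) the way the decorator above does."""
    merged = {directive: list(sources) for directive, sources in base.items()}
    for name, sources in updates.items():
        directive = name.replace("_", "-")
        bucket = merged.setdefault(directive, [])
        for source in sources:
            if source not in bucket:
                bucket.append(source)
    return merged


def new_nonce() -> str:
    # 128 bits from the CSPRNG, fresh per response: a reused nonce is an allowlist entry.
    return secrets.token_urlsafe(16)


def render_policy(policy: Dict[str, List[str]], nonce: Optional[str] = None) -> str:
    parts = []
    for directive, sources in policy.items():
        sources = list(sources)
        if nonce and directive in ("script-src", "style-src"):
            sources.append(f"'nonce-{nonce}'")
        parts.append(" ".join([directive, *sources]))
    return "; ".join(parts)


def lint_policy(policy: Dict[str, List[str]]) -> List[str]:
    """Flag settings that stop script-src from containing an XSS."""
    warnings: List[str] = []
    script = policy.get("script-src", policy.get("default-src", []))
    if "'unsafe-inline'" in script:
        warnings.append("script-src allows 'unsafe-inline': injected inline scripts run; use nonces or hashes")
    if "'unsafe-eval'" in script:
        warnings.append("script-src allows 'unsafe-eval'")
    if "*" in script or "data:" in script:
        warnings.append("script-src allows '*' or data: URLs, which any injection can satisfy")
    for source in script:
        if source == "http:" or source.startswith("http://"):
            warnings.append(f"script-src allows plaintext source {source}")
        elif source.startswith("https://"):
            warnings.append(f"script-src trusts every script on {source}; prefer a nonce or hash plus SRI")
    if "object-src" not in policy:
        warnings.append("object-src missing: set it to 'none' so plugin content cannot be injected")
    if "base-uri" not in policy:
        warnings.append("base-uri missing: set it to 'self' so an injected <base> cannot redirect relative script URLs")
    return warnings
```

The template then emits `<script nonce="{{ nonce }}">` for its own inline code and `<script src="https://cdn.example.com/lib.js" integrity="sha384-...">` for the CDN file, so the host allowlist becomes unnecessary once the hash is pinned.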

### Suspicious Pattern Actions

```python
DJANGO_SEC = {
    'SUSPICIOUS_PATTERNS': {
        'ENABLED': True,
        'ACTIONS': ['log', 'block', 'notify'],
        'AUTO_BAN_AFTER': 10,  # Ban IP after 10 violations
        'PATTERNS': {
            'SQL_INJECTION': True,
            'XSS_ATTEMPT': True,
            'PATH_TRAVERSAL': True,
            'COMMAND_INJECTION': True,
        },
    },
}
```
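
The toggles above name categories; what a detector in this style has to do with a request before any signature can match is shown in the added example below (mine, not the suite's rule set): bounded percent-decoding so double-encoded payloads are seen the way the application sees them, a few illustrative signatures per category, and the per-client counter behind `AUTO_BAN_AFTER`. The signatures, names and sample request lines are constructed for the demonstration and are not the suite's patterns.

```python
"""Added example: signature checks of the kind SUSPICIOUS_PATTERNS enables,
run over constructed request lines, plus the per-client counter behind
AUTO_BAN_AFTER. Not django-security-suite's own code or patterns."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set
from urllib.parse import unquote_plus

MAX_DECODE_ROUNDS = 3  # bound the loop: "%2527" -> "%27" -> "'" takes two rounds

# Illustrative signatures only. Real rule sets are larger and tuned against
# false positives; treat a hit as a tripwire for logging and banning, never
# as the control that makes a query or a template safe.
PATTERNS: Dict[str, re.Pattern] = {
    "SQL_INJECTION": re.compile(
        r"(?i)(?:\bunion\b\s+(?:all\s+)?\bselect\b"
        r"|'\s*or\s+'?\d+'?\s*=\s*'?\d+"
        r"|--(?:\s|$)"
        r"|/\*.*?\*/"
        r"|;\s*(?:drop|alter|truncate)\s+table\b)"),
    "XSS_ATTEMPT": re.compile(
        r"(?i)(?:<\s*script\b|javascript\s*:|\bon(?:error|load|click|mouseover|focus)\s*=)"),
    "PATH_TRAVERSAL": re.compile(r"(?:^|[/\\?=&])\.\.(?:[/\\]|$)"),
    "COMMAND_INJECTION": re.compile(
        r"(?i)(?:;|\|\|?|&&|\$\(|`)\s*(?:cat|ls|id|whoami|wget|curl|nc|sh|bash|rm|ping)\b"),
}


def canonicalize(raw: str) -> str:
    """Percent-decode until the value stops changing (bounded), then drop NULs,
    so the text matched is the text the view would actually receive."""
    value = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\x00", "")


def detect(raw_request: str, enabled: Optional[Dict[str, bool]] = None) -> List[str]:
    """Sorted names of the enabled patterns that match the canonical form."""
    text = canonicalize(raw_request)
    if enabled is None:
        enabled = {name: True for name in PATTERNS}
    return sorted(name for name, rx in PATTERNS.items() if enabled.get(name) and rx.search(text))


class ViolationTracker:
    """Counts detections per client and bans after AUTO_BAN_AFTER hits. In
    production the count lives in Redis with a TTL; a dict will do here."""

    def __init__(self, auto_ban_after: int = 10):
        self.auto_ban_after = auto_ban_after
        self._violations: Dict[str, int] = defaultdict(int)
        self._banned: Set[str] = set()

    def record(self, client_ip: str, findings: List[str]) -> bool:
        if findings:
            self._violations[client_ip] += 1
            if self._violations[client_ip] >= self.auto_ban_after:
                self._banned.add(client_ip)
        return self.is_banned(client_ip)

    def is_banned(self, client_ip: str) -> bool:
        return client_ip in self._banned


# Constructed request lines (path plus query) standing in for access-log entries.
SAMPLE_REQUESTS = [
    "/search?q=shoes",
    "/docs?q=how to select a union",
    "/search?q=' OR 1=1 --",
    "/profile?name=%3Cscript%3Ealert(1)%3C/script%3E",
    "/files?path=..%2F..%2Fetc%2Fpasswd",
    "/ping?host=127.0.0.1;cat%20/etc/passwd",
    "/search?q=%2527%2520OR%25201%253D1",
]


def scan(requests: List[str]) -> Dict[str, List[str]]:
    return {raw: detect(raw) for raw in requests}
```

Two of the samples are the point: the second contains both "select" and "union" and matches nothing, and the last is double-encoded and matches only because decoding is repeated. Auto-banning by IP also needs the same trusted-proxy care as rate limiting, or an attacker who can spoof the forwarded address can have someone else banned.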

## 📊 Monitoring & Reporting

### Security Dashboard

```bash
python manage.py security_report
```

Output:
```
Django Security Suite - Security Report
=======================================
Risk Profile: MODERATE
Total Users: 1,234
Failed Login Attempts (24h): 45
Locked Accounts: 3
Suspicious Patterns Detected: 12
Active Sessions: 234
Encrypted Fields: 5
Audit Logs (7 days): 10,234
```

### Compliance Check

```bash
python manage.py check_security --compliance=ISO27001
```

## 🧪 Testing

Run the test suite:

```bash
# Basic tests
pytest

# With coverage
pytest --cov=django_security_suite

# Security-specific tests
pytest -m security
```

## 📖 Documentation

Full documentation is available at [https://django-security-suite.readthedocs.io](https://django-security-suite.readthedocs.io)

- [Installation Guide](https://django-security-suite.readthedocs.io/en/latest/installation/)
- [Configuration Reference](https://django-security-suite.readthedocs.io/en/latest/configuration/)
- [API Documentation](https://django-security-suite.readthedocs.io/en/latest/api/)
- [Security Best Practices](https://django-security-suite.readthedocs.io/en/latest/best-practices/)
- [Migration Guide](https://django-security-suite.readthedocs.io/en/latest/migration/)

## 🤝 Contributing

We welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.

### Development Setup

```bash
# Clone the repository
git clone https://github.com/django-security-suite/django-security-suite.git
cd django-security-suite

# Create virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install development dependencies
pip install -e ".[dev]"

# Run tests
pytest

# Run linting
ruff check .
black --check .
mypy django_security_suite
```

## 🔐 Security

- For security vulnerabilities, please email security@django-security-suite.org
- We follow responsible disclosure practices
- Security patches are released as soon as possible

## 📝 License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## 🙏 Acknowledgments

- Django Software Foundation for the amazing Django framework
- OWASP for security best practices and guidelines
- All contributors and users of this project

## 📊 Stats

- **11,000+** lines of production-tested code
- **90%+** test coverage
- **5** major security modules
- **ISO 27001** control mapping in the compliance reports (certification applies to an organisation's ISMS, not to a library)
- **OWASP Top 10** protection

## 🚦 Project Status

![Tests](https://github.com/django-security-suite/django-security-suite/workflows/Tests/badge.svg)
![Security](https://github.com/django-security-suite/django-security-suite/workflows/Security/badge.svg)
![Documentation](https://github.com/django-security-suite/django-security-suite/workflows/Documentation/badge.svg)

---

<div align="center">
Made with ❤️ for the Django community
<br>
<a href="https://www.djangoproject.com/">Django</a> •
<a href="https://owasp.org/">OWASP</a> •
<a href="https://www.iso.org/iso-27001-information-security.html">ISO 27001</a>
</div>
