Django Debug Mode Enabled

Description

Debug mode provides developers with detailed information about errors happening in their code. It displays tracebacks, metadata about the environment, and currently defined Django settings.

This is useful during development, but it gives an attacker the Django and Python versions in use, which can be matched against CVEs, along with access to source code snippets, internal file paths, and some variables and their values.

Recommendation

Disable debug mode by adding the following line to your Django settings.py:

DEBUG = False
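A static check for the setting recommended above, as an added example that is not part of the original page: it parses a settings file and classifies every assignment to DEBUG, treating any truthy literal as enabled because a non-empty string such as "False" is truthy in Python. The function names, the sample settings and the DJANGO_DEBUG and ENV variable names are assumptions made for illustration.

```python
import ast

def audit_debug(settings_source):
    """Return (line, verdict) for every assignment to DEBUG in the source.

    "disabled": a falsy literal such as False
    "enabled":  any truthy literal, including the string "False"
    "dynamic":  computed at runtime (env lookup, function call); review by hand
    """
    findings = []
    for node in ast.walk(ast.parse(settings_source)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        if not any(isinstance(t, ast.Name) and t.id == "DEBUG" for t in targets):
            continue
        if isinstance(value, ast.Constant):
            verdict = "enabled" if value.value else "disabled"
        else:
            verdict = "dynamic"
        findings.append((node.lineno, verdict))
    return sorted(findings)

def debug_is_off(settings_source):
    """True only if every DEBUG assignment is a falsy literal.

    A file with no DEBUG assignment passes: Django's default is False.
    """
    return all(verdict == "disabled" for _, verdict in audit_debug(settings_source))

# Constructed sample settings file; DJANGO_DEBUG and ENV are made-up names.
SAMPLE_SETTINGS = '''
import os
DEBUG = False
DEBUG = "False"
DEBUG = os.environ.get("DJANGO_DEBUG", False)
if os.environ.get("ENV") == "dev":
    DEBUG = True
'''

if __name__ == "__main__":
    for line, verdict in audit_debug(SAMPLE_SETTINGS):
        print(f"line {line}: DEBUG {verdict}")
    print("safe to deploy:", debug_is_off(SAMPLE_SETTINGS))
```

A "dynamic" verdict fails the gate on purpose: the value depends on the runtime environment, so it has to be confirmed on the deployed host.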

Standards

  • PCI_STANDARDS:
    • REQ_6_5
  • OWASP_ASVS_L3:
    • V14_3_2
  • OWASP_ASVS_L2:
    • V14_3_2
  • OWASP_ASVS_L1:
    • V14_3_2