File uploads are straightforward in Django, right? Making them secure is not. At least there are no off-the-shelf solutions addressing all the OWASP guidelines. Figuring out the infrastructure and shipping it as IaC is another level of pain. Writing up all the painful bits into a template repo is what makes this particular developer stand out.

I'm sharing the blog post in the hope this may be helpful to some here. This implementation was an absolute killer feature for us (the "client" in the story) and made many people (including our cybersecurity folks) very happy.

^(Disclaimer: no tokens were harmed in the writing of this post)

Edit: direct link to blog post: https://www.mechanicalrock.io/blog/malware-protected-file-upload-with-s3-and-guardduty

submitted by /u/thisFishSmellsAboutD