We’ll look at why Django developers should learn to pentest the apps they build, explain how we learnt to do it, and show how basic security tests fit into our development workflow.

Having your apps professionally pentested is a great way to find and fix security problems. For many projects, though, resource constraints mean that pentesting either never happens or happens infrequently. Our solution to this problem was to learn to do basic pentesting of our own applications. With this talk we aim to encourage other developers to do the same. We’ll show the benefits to a project of even simple security testing, and show people how to get started with pentesting as developers. We’re also running a workshop/sprint in which you can learn to pentest a vulnerable Django app.