Ever wanted to know how your web app can be compromised? Wonder no more. In this talk, we'll build a threat model for realistic Flask and Django apps. We'll learn how to spot potential weak points, where to spend time and money on security improvements, and how to discover breaches before it's too late. We'll dive into the typical weak points of Python web apps, for both Flask and Django, as well as specific flaws with an we will look at for each Flask and Django. After finding the potential weak points, we will learn how to prioritize what should be fixed first and where to spend time and money fixing weaknesses first. Wherever possible, popular libraries for each framework will be relied upon to secure the apps, and you will learn where to go to learn more if necessary about each potential flaw. Finally, we'll discuss some of the best practices in security you should be taking to discover breaches into these apps before it's too late, such as setting up a central logging system and implementing analytics to detect malicious users who have breached the site.