The default settings of some libraries and tools are so useless, or even dangerous, that they should never be used. While they give the impression of being easy to use or performant, they actually represent traps for the unwary user. I look at some examples, consider the reasons why these bad defaults might have arisen, and offer some guidelines for setting up projects with good defaults.
Links and resources:
Misconfigured Django apps: https://securityaffairs.co/wordpress/70869/hacking/django-apps-misconfigured.html
Li and Evans, Insecure by Default?: https://www.cs.virginia.edu/~evans/pubs/webframeworks2016/insecurebydefault.pdf
The Zen of Python: https://www.python.org/dev/peps/pep-0020/