“Extended Code Guardrails” (XCG) – Software Module for the Python Django Framework that Enhances Web Application Security | Singapore Government Developer Portal
Have feedback? Please

“Extended Code Guardrails”(XCG) header banner

“Extended Code Guardrails” (XCG) was jointly developed by GovTech’s Cyber Security Group (CSG) and A*STAR’s Institute for Infocomm Research to eliminate the undesirable effects of insecure code through a secure-by-default framework. XCG brings web application security to the next level by removing or limiting insecure behaviours in applications. Hence, the impact of vulnerabilities is reduced or removed, even when developers write insecure code by accident.

Many of the vulnerabilities that XCG addresses are high-risk in nature, found in the OWASP Top-10, and have been around for over 20 years. These include “Cross-site Scripting” (XSS), “OS command injection”, and “Indirect Object References (IDOR)”.

XCG uses Django, a high-level Python web framework that encourages rapid development. Built and maintained by experienced developers, Django handles many web application development hassles, so developers can focus on writing apps without reinventing the wheel.

XCG is supported by the Smart Nation and Digital Government Office (SNDGO) and the National Research Foundation (NRF), under the Public Sector Translational R&D Grant Funding Initiative (TRANS Grant).

How It Works

XCG comprises several independent Django modules that alter Django’s behavior to close security gaps. Each module safeguards the application from a specific category of vulnerability, with minimal configuration or modification to the application.

Developers can incorporate XCG modules in their existing Django web applications or build a fresh Django web application with XCG starter kits.

Key Benefits

  • Enhances security of web applications
  • Increases speed of application development
  • Enables developers to focus on coding functional behavior for the application, instead of reimplementing or incorporating security controls in an insecure way


XCG is free and can be used for any Singapore government projects.

Contact Us

Reach out to the product team with your queries or feedback through this form.

Last updated 09 July 2024

Was this article useful?
Send this page via email
Share on Facebook
Share on Linkedin
Tweet this page