Dear Frank,
reducing the number of security/vulnerability issues in an web application is very important nowadays.
OWASP (
https://owasp.org/) offers a set or recommendations and tools supporting this activity.
In particular the OWASP ZAP tool (
https://owasp.org/www-project-zap/) is able to analyse a "life" web site/page to look for vulnerability issues. I'm currently using this tool to strengthen a web application of a customer of mine (written in Python/Django).
Yesterday I run the tool against "my" port of the latest version of ]project-open[. It was a "gentle" attack, but already it provided some few indications.
I will send the results to you and Gustaf.
I hope it helps,
Maurizio