YoVDO

Securing Django Applications

Offered By: LinkedIn Learning

Tags

Django Courses, Web Security Courses, Access Control Courses, Data Encryption Courses, Two-Factor Authentication Courses

Course Description

Overview

Protect your Django web app using essential security and authentication measures. Learn how to implement two-factor authentication, encrypt user data, and more.

Syllabus

Introduction
  • Security and Django
  • What you should know
  • What's included in the project
  • Installing the project
  • Running the server
1. Permissions, Access Controls, Activity Logs
  • Setting up per-object permissions in Django
  • Enabling per-object permissions in Django
  • Unit test for per-object permissions in Django
  • Creating a group permissions model
  • Unit test for access control and group permissions
  • Adding activity logs for auditing
  • Deleting objects in an audit/compliance-compatible way
2. Throttling a Flood of Requests
  • Using ApacheBench to simulate a flood of requests
  • How to ensure actions happen only once
  • Unit testing idempotent actions that should only happen once
  • Using background queues to throttle floods of requests
  • Unit testing background queue flood prevention
3. Protecting Data and Data Privacy
  • Per-field encryption of data in Django
  • Unit testing per-field encryption
  • Zero knowledge encryption of data in Django
  • Unit testing zero knowledge encryption
  • Packaging user data for download
4. 2FA: Two-Factor Authentication
  • Using Twilio to send an SMS code
  • Confirming SMS code and enabling 2FA
  • Validating 2FA login before performing actions in Django
  • Unit testing 2FA login requirement for Django REST API
5. CSRF: Cross-Site Request Forgery Protection
  • Enabling CSRF tokens in Django
  • Unit testing Django forms that use CSRF
Conclusion
  • Next steps

Taught by

Rudolf Olah

Related Courses

Access Control Concepts
(ISC)² via Coursera
AZ-303 Part 2 - Implement Management and Security Solutions in Azure
A Cloud Guru
Google Cloud Identity and Access Management (IAM) Deep Dive
A Cloud Guru
Google Kubernetes Engine Deep Dive
A Cloud Guru
HashiCorp Vault
A Cloud Guru