Securing Django Applications

Protect your Django web app using essential security and authentication measures. Learn how to implement two-factor authentication, encrypt user data, and more.

Introduction

• Security and Django
• What you should know
• What's included in the project
• Installing the project
• Running the server

1. Permissions, Access Controls, Activity Logs

• Setting up per-object permissions in Django
• Enabling per-object permissions in Django
• Unit test for per-object permissions in Django
• Creating a group permissions model
• Unit test for access control and group permissions
• Adding activity logs for auditing
• Deleting objects in an audit/compliance-compatible way

2. Throttling a Flood of Requests

• Using ApacheBench to simulate a flood of requests
• How to ensure actions happen only once
• Unit testing idempotent actions that should only happen once
• Using background queues to throttle floods of requests
• Unit testing background queue flood prevention

3. Protecting Data and Data Privacy

• Per-field encryption of data in Django
• Unit testing per-field encryption
• Zero knowledge encryption of data in Django
• Unit testing zero knowledge encryption
• Packaging user data for download

4. 2FA: Two-Factor Authentication

• Using Twilio to send an SMS code
• Confirming SMS code and enabling 2FA
• Validating 2FA login before performing actions in Django
• Unit testing 2FA login requirement for Django REST API

5. CSRF: Cross-Site Request Forgery Protection

• Enabling CSRF tokens in Django
• Unit testing Django forms that use CSRF

Conclusion

• Next steps