PyCon Nigeria Annual Conference

Django Security Best Practices: Essential Strategies for Protecting Your Web App


Joseph Adediji

A software developer and technical writer with a keen interest in AI and automation.

Description

The talk, "Django Security Best Practices" is meant to equip both beginners and intermediate Django developers with techniques for efficiently securing their Django applications.

Abstract

The talk, "Django Security Best Practices: Essential Strategies for Protecting Your Web App," is meant to equip both beginners and intermediate Django developers with techniques for efficiently securing their Django applications. This talk is for developers of all levels, with a primary focus on simplifying Django security for beginners while offering valuable insights to intermediate developers.

Attendees can expect to learn about the security batteries available in Django, including authentication, CSRF, XSS protection and input validation, as well as practical tips and best practices for securing their Django applications.

They will also learn about how SSL can improve security, how to use 2FA as an extra layer of protection, and common mistakes that can put their app at risk. By the end of the talk, participants will know best practices, real-world examples, and strategies for securing Django apps.

Whether attendees are new to Django or seasoned developers, this talk will equip them with valuable insights and actionable techniques to secure their production apps.

Outline:

  • Introduction
  • Django Security Best Practices:
    • Authentication and Authorization: this section will cover securing user accounts with passwords and 2FA.
    • Protection Against Web Attacks: this section will cover protection against cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
    • DEBUG = True: this section will cover the common mistake of leaving DEBUG set to True in production apps and its security implications.
    • Environment variables: this section will cover how to protect and secure environment variables, including keeping them out of version control with .gitignore.
    • Admin Brute-force Protection: this section will cover protecting the Django admin page from brute-force login attempts.
    • User Input and Data Validation: this section will cover how Django escapes and validates user-generated content to prevent malicious code injection.
    • SSL/HTTPS: this section will cover the importance of SSL and how to obtain a certificate.
    • Server Security: this section will cover some server security best practices.
  • Closing/Q&A
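Three of the outline items (DEBUG in production, environment variables, and SSL/HTTPS) come together in the settings module. The following is an added example, not code from the talk or from Django itself: it builds the security-relevant settings from environment variables and then audits them for the same weak values that Django's own `manage.py check --deploy` warns about. The helper names `production_settings` and `audit_settings` and the `DJANGO_*` variable names are assumptions chosen for this illustration.

```python
import os
import secrets
from typing import Any, Dict, List

# Helper names and DJANGO_* variable names are illustrative assumptions,
# not part of the talk or of Django.

def production_settings(env: Dict[str, str]) -> Dict[str, Any]:
    """Derive the security-relevant Django settings from environment variables
    so that no secret and no DEBUG flag is hard-coded in settings.py."""
    debug = env.get("DJANGO_DEBUG", "0").lower() in ("1", "true", "yes")
    secret = env.get("DJANGO_SECRET_KEY")
    if not debug and not secret:
        # Refuse to start a production instance without a real secret.
        raise RuntimeError("DJANGO_SECRET_KEY must be set when DEBUG is False")
    hosts = [h.strip() for h in env.get("DJANGO_ALLOWED_HOSTS", "").split(",") if h.strip()]
    return {
        "DEBUG": debug,
        # Random per-process key is acceptable only for local development.
        "SECRET_KEY": secret or secrets.token_urlsafe(50),
        "ALLOWED_HOSTS": hosts,
        # Everything below is switched on automatically once DEBUG is off.
        "SECURE_SSL_REDIRECT": not debug,
        "SESSION_COOKIE_SECURE": not debug,
        "CSRF_COOKIE_SECURE": not debug,
        "SECURE_HSTS_SECONDS": 0 if debug else 31536000,
        "SECURE_HSTS_INCLUDE_SUBDOMAINS": not debug,
        "SECURE_CONTENT_TYPE_NOSNIFF": True,
        "X_FRAME_OPTIONS": "DENY",
    }


def audit_settings(settings: Dict[str, Any]) -> List[str]:
    """Return one finding per setting that is unsafe for a public deployment."""
    findings: List[str] = []
    if settings.get("DEBUG"):
        findings.append("DEBUG is True: tracebacks and settings are shown to visitors")
    hosts = settings.get("ALLOWED_HOSTS", [])
    if not hosts:
        findings.append("ALLOWED_HOSTS is empty: the Host header is not validated")
    if "*" in hosts:
        findings.append("ALLOWED_HOSTS contains '*': any Host header is accepted")
    for flag in ("SECURE_SSL_REDIRECT", "SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not settings.get(flag):
            findings.append(f"{flag} is off: traffic or cookies may travel over plain HTTP")
    if settings.get("SECURE_HSTS_SECONDS", 0) <= 0:
        findings.append("SECURE_HSTS_SECONDS is 0: browsers are not told to insist on HTTPS")
    key = settings.get("SECRET_KEY", "") or ""
    # startproject generates keys prefixed "django-insecure-" to flag them as dev-only.
    if len(key) < 50 or key.startswith("django-insecure-"):
        findings.append("SECRET_KEY is short or is the startproject default")
    return findings


if __name__ == "__main__":
    # Build settings from the real environment and report anything weak.
    for finding in audit_settings(production_settings(dict(os.environ))):
        print("WARNING:", finding)
```

Run it with `DJANGO_SECRET_KEY` and `DJANGO_ALLOWED_HOSTS` exported and it reports nothing; run it with `DJANGO_DEBUG=1` and it lists every protection that the debug shortcut has silently switched off, which is exactly the mistake the "DEBUG = True" section of the talk warns about.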

Audience level: Novice