DEV Community: Sainapei Lenapunya

Building and Deploying a Mentorship Platform with Django: A Journey from Local to Live

Sainapei Lenapunya — Fri, 21 Mar 2025 18:03:13 +0000

In this article, I’ll share my experience developing a mentorship platform using Django, focusing on the key features, user flow, and deployment process. The project was built using the Django Starter Template, and it includes a complete user flow, two user types, Progressive Web App (PWA) features, and Tailwind CSS for styling. After completing the development, I pushed the code to GitHub and deployed the app on Render.com

Key Features and User Flow
The mentorship platform was designed to connect mentees and case managers, with two distinct user types: Mentees and Case Managers. Mentees can submit surveys and track their progress, while case managers can manage sessions, write reports, and view mentee surveys.

User Flow
The app includes a complete user flow:

Registration:
Users can sign up as either a mentee or a case manager via /users/register/. Upon registration, they are redirected to their respective dashboards (mentee:dashboard for mentees, case_manager:dashboard for case managers).

Login/Logout: Users log in at /users/login/ and log out at /users/logout/, with proper redirects to the login page after logout.

Password Reset: A password reset flow is implemented at /users/password_reset/, allowing users to reset their password via email (using Django’s built-in views and a console email backend for development).
Password Change: Logged-in users can change their password at /users/password_change/.
User Profiles with Profile Images
Each user has a profile accessible at /users/profile/, where they can view and update their details. I extended the custom User model to include a profile image field:

users/models.py (partial)
profile_image = models.ImageField(upload_to='profile_images/', null=True, blank=True)
Users can upload a profile image during registration or update it later via the profile page. The image is displayed on their dashboard.

Styling with Tailwind CSS
The client-side was styled using Tailwind CSS, providing a modern and responsive design. I included Tailwind CSS via a CDN in the base template (templates/layout/base.html) and used its utility classes for consistent styling across all pages, such as the registration form, dashboards, and password reset pages.

Deployment: GitHub and Render.com
After completing development, I pushed the project to GitHub for version control:

GitHub Repository:[(https://github.com/sanaipei001/django-starter-template.git)]
I then deployed the app on Render.com, a free hosting platform:

Created a new web service on Render.com and connected it to my GitHub repository.
Configured the build settings: Python 3.12, requirements.txt for dependencies, and python manage.py migrate as the start command.
Set environment variables on Render.com (e.g., DEBUG=False, SECRET_KEY, and database settings).

Deployed the app, making it live at:[(https://django-starter-template.onrender.com)]

The deployment process was smooth, and the app is now accessible online with all features (registration, login, password reset, dashboards, etc.) fully functional.

Conclusion
This project was an exciting journey, from building a mentorship platform with distinct user types (mentees and case managers) to implementing a complete user flow and PWA features. Using Tailwind CSS ensured a polished UI, while deploying on Render.com made the app accessible to users. The code is well-documented on GitHub, and the live app demonstrates the power of Django for building robust web applications.

GitHub Basics: Creating Repository and Maintaining It

Sainapei Lenapunya — Mon, 27 May 2024 08:59:31 +0000

Table of content:

Definition
Requirements
Creating a new Repository
Maintaining a Repository
- Fork the repository
- Clone the repository
- Create a branch
- Initializing a repository
- Adding files to the repository
- Make an Initial Commit
- Push changes to your repository
- Pull requests
- Renaming a repository
- Transferring a repository
- Deleting a repository
- Restoring a deleted repository
Conclusion
1. Useful resources

Definition

GitHub is a web-based tool for version control and collaboration. It provides developers with an easy-to-use interface for creating repositories (remote storage sites), tracking code changes over time (version control), and collaborating on projects with others.

Requirements

GitHub Account
Git Installed
Text Editor or IDE
Basic Command Line Skills

Creating a new repository

As a prerequisite you need a GitHub account to be able to create a repository.

Creating a GitHub account

Navigate to https://github.com/.
Click Sign up.
Follow the prompts to create your personal account.

During sign up, you'll be asked to verify your email address. Without a verified email address, you won't be able to complete some basic GitHub tasks, such as creating a repository.
If you're having problems verifying your email address, there are some troubleshooting steps you can take. For more information, see "Verifying your email address."

Creating a new repository from the web UI
step 1-;
Once you have GitHub account, In the upper-right corner of your page, click the + sign .

Step 2-:
On the drop down list, click on the New repository option.

Step 3-;
Use the Owner drop-down menu to choose the account that will own the repository.

step 4-:
In the repository name field, enter a name for your repository and optionally provide a description. Select the desired repository visibility, then click the "Create repository" button at the bottom of the page.

For example-;

Step 5-;
At this point, you have successfully created a new repository using the web UI.

Maintaining a Repository
Fork the repository

Fork the repository by clicking the fork button on the top of the page. This will create an instance of that entire repository in your account.

Clone the repository

To work with the repository locally, clone it to your machine. Click on the "Code" button and copy the provided link.

Open the terminal and run the following command. It will clone the repository locally.

$ git clone [HTTPS ADDRESS]
For example


$ git clone hhtps://github.com/ThanoshanMV/articles-of-the-week.git

Now we have set up a copy of the master branch from the main online project repository.

$ cd [NAME OF REPOSITORY]

Create a branch

It’s good practice to create a new branch when working with repositories, whether it’s a small project or contributing to a group's work.
Branch name should be short and it should reflect the work we’re doing.
Now create a branch using the git checkout command:

$ git checkout -b [Branch Name]

Initializing a repository:

To initialize a new Git repository, open the terminal, navigate to the root directory of your project, and execute git init. This command initializes an empty Git
repository in the specified directory and generates a .git sub-directory that contains versioning information.

Adding files to the repository

Make essential changes to the project and save it.
Then execute git status , and you’ll see the changes.
Use the git add . command to add your project files to the repository after it has been initialized. For instance, you may use git add . to add all files in the repository. The files are ready to be included in the subsequent commit at this point.

Make an Initial Commit

Use the git commit -m "Initial commit message" command to generate an initial commit once you have added the required files. Commits are a snapshot of the project at a particular moment in time and ought to have a detailed message detailing the modifications that were made.

Push changes to your repository

In order to push the changes to GitHub, we need to identify the remote’s name.

$ git remote

For this repository the remote’s name is “origin”.
After identifying the remote’s name we can safely push those changes to GitHub.

On GitHub.com, navigate to the main page of the repository.
Above the list of files, click Code.
To clone your repository using the command line using HTTPS, under "Quick setup", copy link . To clone the repository using an SSH key, including a certificate issued by your organization's SSH certificate authority, click SSH, then copy link .
Open Terminal .
Change the current working directory to the location where you want the cloned directory.

git push origin [Branch Name]

Pull requests

To create a pull request that is ready for review, click Create Pull Request. To create a draft pull request, use the drop-down and select Create Draft Pull Request, then click Draft Pull Request.

Renaming a repository
On GitHub.com, navigate to the main page of the repository.
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the drop-down menu, then click Settings.

- In the Repository Name field, type the new name of your repository.

Click Rename.

Warning: If you create a new repository under your account in the future, do not reuse the original name of the renamed repository. If you do, redirects to the renamed repository will no longer work.
Transferring a repository
When you transfer a repository that you own to another personal account, the new owner will receive a confirmation email. The confirmation email includes instructions for accepting the transfer. If the new owner doesn't accept the transfer within one day, the invitation will expire.
1. On GitHub.com, navigate to the main page of the repository.
2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the drop down menu, then click Settings.

1. At the bottom of the page, in the "Danger Zone" section, click Transfer.

Read the information about transferring a repository, then under "New owner", choose how to specify the new owner.

    - To choose one of your organizations, select “Select one of my organizations.”

        - Select the drop-down menu and click an organization.
        - Optionally, in the "Repository name" field, type a new name for the repository.
        - Note: You must be an owner of the target organization to rename the repository.

    - To specify an organization or username, select Specify an organization or username, then type the organization name or the new owner's username.

Read the warnings about potential loss of features depending on the new owner's GitHub subscription.
Following “Type Repository Name to confirm”, type the name of the repository you'd like to transfer, then click I understand, transfer this repository.
Deleting a repository
On GitHub.com, navigate to the main page of the repository.
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the drop-down menu, then click Settings.

- On the "General" settings page (which is selected by default), scroll down to the "Danger Zone" section and click Delete this repository.
- Click I want to delete this repository.
- Read the warnings and click I have read and understand these effects.
- To verify that you're deleting the correct repository, in the text box, type the name of the repository you want to delete.
- Click Delete this repository.

Restoring a deleted repository

Some deleted repositories can be restored within 90 days of deletion.

In the upper-right corner of any page, click your profile photo, then click Settings.
In the "Code planning, and automation" section of the sidebar, click Repositories.
Under "Repositories", click Deleted repositories.
Next to the repository you want to restore, click Restore.
Read the warning, then click I understand, restore this repository.

Conclusion

Repositories on GitHub are an effective tool for organizing and working together on software projects. Developers may assure project transparency and version control, promote teamwork, and expedite workflows by adhering to best practices when creating, organizing, and managing repositories. Leveraging GitHub repository capabilities can greatly improve code quality and efficiency, whether working on a team project or a personal one.

Useful Resources

Official GitHub Documentation

GitHub Docs: https://docs.github.com/en
Creating a repository: https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-new-repository
Managing repositories: https://docs.github.com/en/repositories

Git and GitHub Learning Resources

Git Handbook: https://guides.github.com/introduction/git-handbook/
GitHub Learning Lab: https://lab.github.com/
Git & GitHub Crash Course for Beginners (Video): https://www.youtube.com/watch?v=RGOj5yH7evk

Tutorials and Guides

GitHub Guides: https://guides.github.com/
GitHub Skills: https://skills.github.com/
FreeCodeCamp GitHub Tutorial: https://www.freecodecamp.org/news/git-and-github-for-beginners/

Books

"Pro Git" by Scott Chacon and Ben Straub (free online book): https://git-scm.com/book/en/v2
"GitHub For Dummies" by Sarah Guthals and Phil Haack

Community and Forums

GitHub Community: https://github.community/
Stack Overflow (GitHub tag): https://stackoverflow.com/questions/tagged/github

Cybersecurity Basics: Beginner’s Guide

Sainapei Lenapunya — Mon, 27 May 2024 08:42:44 +0000

Table of Content:

Definition
Requirements
CIA Triad
The Importance of Cybersecurity
The Advantages of Cybersecurity
Disadvantages of Cybersecurity
Common Threats
Common Types of Attacks
Vulnerabilities
Conclusion
Useful Resources
Definition

Cybersecurity is the process of safeguarding your devices, data, and online presence against unauthorized access, use, disclosure, disruption, alteration, or destruction. It's like installing a security system in your digital life to protect your data.

Requirements

Generally, you need some knowledge in some areas to understand cybersecurity as it encompasses several types of skills and basics . These may include:

Basic Computer Skills
Networking Knowledge
Programming Knowledge
Understanding of Security Principles
Information Security
System Security
Network Security

CIA Triad

The security of any organization starts with three principles: Confidentiality, Integrity and Availability. Next in this cyber security for beginners tutorial we will learn about the CIA Triad, which has served as the industry standard for computer security since the time of first mainframes.

Confidentiality-The principle of confidentiality asserts that only authorized parties can access sensitive information and functions. Example: military secrets.
Integrity- The principle of integrity asserts that only authorized people and means can alter, add, or remove sensitive information and functions. Example: a user entering incorrect data into a database.
Availability-The principle of availability asserts that systems, functions, and data must be available on-demand according to agreed-upon parameters based on levels of service.

Importance of Cybersecurity:
Safeguards Personal Information- Prevents theft and illegal access to sensitive data, including financial, health, and personal information
Maintains Reputation-Prevents security mishaps or data exposures that could erode trust among stakeholders, clients, and customers.
Boosts Output-Prevents downtime brought on by cyber incidents that could impair production by guaranteeing the uninterrupted operation of networks and systems.
Supports Remote Work-Enables flexible work schedules without sacrificing security by providing remote workers with secure access to company networks and data.
Regulation Adherence-Assists companies in meeting legal and regulatory obligations around cybersecurity and data protection.
Strengthens Cyber Stance-Strengthens an organization's defenses against cyber threats and assaults by enhancing its overall cybersecurity posture.
Better Data Handling- Guarantees integrity, confidentiality, and availability through secure storage, transmission, and processing.
Advantages of Cybersecurity

Cybersecurity is no longer an optional issue; it is a necessary expenditure for businesses of all sizes. Here are some significant benefits of establishing effective cybersecurity measures, backed up by research and articles:

Cost Savings-Data breaches can be quite costly. According to the IBM Cost of a Data Breach Report 2023 (https://www.ibm.com/reports/data-breach), the global average overall cost of a data breach in 2023 is $4.35 million. Strong cybersecurity may considerably reduce the danger of such breaches, saving your firm significant money.
Competitive Advantage-According to a PwC research, 73% of customers prefer to do business with companies that prioritize data protection. Demonstrating a commitment to cybersecurity increases trust among customers and partners, giving a competitive advantage.
Innovation support-A 2022 Harvard Business Review article (https://hbr.org/insight-center/the-future-of-cybersecurity) addresses how cybersecurity is critical for driving innovation. By building a secure environment, businesses may confidently explore new technologies and digital transformation efforts without fear of security concerns.
Customer confidence-According to an Accenture study (https://www.accenture.com/us-en/case-studies/about/creating-culture-security), organizations with excellent cybersecurity procedures have higher customer satisfaction and loyalty. Customers feel more comfortable exchanging information and doing business with a safe corporation.
Risk Management-A 2021 report by the Cybersecurity and Infrastructure Security Agency (CISA) https://www.cisa.gov/topics/risk-management emphasizes the necessity of cybersecurity risk management in proactively identifying, assessing, and mitigating cyber threats. Implementing a strong cybersecurity plan may greatly reduce the likelihood and effect of security breaches on your company.
Business continuity-Uninterrupted Operations, that is cyberattacks can disrupt business operations and result in considerable downtime. A 2023 analysis by Datto https://www.linkedin.com/pulse/what-2023-datto-ransomware-report-says-SMBS-dale-shulmistra The average downtime caused by a ransomware attack is 21 days. Strong cybersecurity procedures can assist ensure that your company can continue to operate even after a hack happens.
Disadvantages of cybersecurity

While cybersecurity provides enormous benefits, there are some obstacles to consider, as backed by research and articles-:

Needs Continuous Learning- the cybersecurity landscape is ever-changing, with new threats appearing all the time. The 2022 ISC Cybersecurity Workforce Report (https://www.isc2.org/research) emphasizes the importance of cybersecurity experts being current on the latest threats and vulnerabilities. Your security personnel must study and train on a continuous basis.
Complicated to Setup- i.e. specific skills- Implementing effective cybersecurity measures frequently necessitates specific knowledge and expertise. A 2021 article in SearchSecurity (Why Cybersecurity is Hard: Challenges Businesses Face) https://www.techtarget.com/searchsecurity/ examines the difficulty of establishing security architectures and technologies. Businesses may need to hire cybersecurity professionals or outsource these tasks, which can be costly.
Potential performance impact- Certain cybersecurity tools and processes may use system resources, affecting performance. Finding the correct combination of security and performance is critical. There are two resources to consider,
NSS Labs' 2023 Endpoint Detection and Response (EDR) Group Test (https://nsslabs.com/tested-technologies/endpoint-detection-response/). compared the performance of several endpoint detection and response (EDR) solutions.

A 2017 report by the Cybersecurity and Infrastructure Security Agency (CISA) (The Impact of Cybersecurity on Small Businesses). https://www.cisa.gov/cyber-guidance-small-companies investigates the trade-offs between security controls and system performance, focusing on small firms.

Talent Shortage-There is a global scarcity of cybersecurity specialists. According to Cybersecurity Ventures' 2023 research (Cybersecurity positions Market 2023-2028 Forecast) https://cybersecurityventures.com/stats/, there will be 3.3 million unfilled cybersecurity positions in the world by 2023. This shortfall can make it challenging for businesses to find and keep the talent they require.
High Costs- Cybersecurity necessitates continual investments in technology, training, and personnel. This can be a challenge for small and medium-sized businesses (SMBs) with limited resources.

Ponemon Institute (2023 Cost of a Data Breach Report) https://www.ponemon.org/ investigated the financial impact of data breaches, emphasizing the potential cost savings associated with strong cybersecurity policies.

A report by Gartner (Cost Optimization for Security Programs) https://www.gartner.com/en/insights/cost-optimization provides recommendations for optimizing cybersecurity spending, particularly for organizations with limited budgets.

Common Threats
Phishing scams
These are deceptive emails or messages that attempt to fool one into providing personal information or clicking on dangerous links.

Example: You receive an email that appears to be from your bank, warning about suspicious activity on your account. The email prompts you to click a link and log in to verify your identity. However, the link leads to a fake website designed to steal your login credentials.

Estimated Occurrences- Millions per year. According to a report by PhishLabs https://www.proofpoint.com/us/resources/threat-reports/state-of-phish, there were over 26.8 billion phishing attempts detected in 2022.
Malware

This is a malicious software (viruses, worms, etc.) that can infect your devices, steal data, or disrupt operations(Stytz & Banks, 2006).

Example: You download a seemingly harmless free software program from an untrusted source. Once installed, the program secretly installs malware on your computer that encrypts your files, demanding a ransom payment to decrypt them. This is a common example of ransomware, a specific type of malware.

Estimated Occurrences: Billions per year. A report by Cybersecurity Ventures https://cybersecurityventures.com/ransomware-report-2021/ predicts global ransomware damage costs will reach $26 billion USD by 2026.
Computer hacking
It alludes to attempts made without authorization to enter networks or computer systems.

Example: Hackers exploit a security vulnerability in a company's database, gaining access to customer information such as credit card details and personal data. This information can be sold on the black market or used for further fraudulent activities.

Estimated Occurrences: Millions per year. According to the Identity Theft Resource Center https://www.idtheftcenter.org/post/2022-annual-data-breach-report-reveals-near-record-number-compromises/, there were over 1,800 data breaches reported in the US alone in 2022.
Social Engineering-Deception, Not Force.
This is a method used by hackers to trick people into disclosing sensitive information or performing activities that jeopardize their security. Unlike hacking, which exploits technological flaws in systems, social engineering preys on human trust and vulnerability.

Example: You receive a phone call from someone claiming to be from your internet service provider (ISP). They inform you of a problem with your account and request remote access to your computer to fix it. In reality, the caller is a social engineer trying to gain control of your device and potentially steal sensitive information.
Vishing
This is a short for "voice phishing". A type of social engineering attack where cyber criminals use phone calls to trick individuals into providing sensitive information or performing actions that compromise their security. The attackers typically pretend to be representatives from legitimate organizations such as banks, government agencies, or tech support services to gain the victim's trust.

Example: You receive a voicemail from someone claiming to be from the government, stating that there's an issue with your tax return and urging you to call a specific number to resolve it. The number connects you to a scammer who attempts to pressure you into revealing your social security number or making a fraudulent payment.

Estimated Occurrences: Millions per year. The Federal Trade Commission (FTC) https://reportfraud.ftc.gov/ receives hundreds of thousands of vishing complaints annually in the US.
Smishing

Like phishing emails, smishing employs SMS text messages to deceive victims. You may receive a notice about a bogus parcel delivery issue or a tempting offer that demands you to click on a malicious website or supply sensitive information.

Example: You receive a text message claiming you won a prize in a contest you never entered. The message includes a link to a website where you need to provide your personal details to claim the prize. Clicking the link takes you to a fake website designed to steal your information.

Pretexting
In this case, the attacker fabricates a story to earn your trust and access to sensitive data. For example, they could act as a tech support agent calling to "fix" an issue with your computer, eventually luring you into giving them remote access or divulging passwords.

Example: You receive a call from someone claiming to be from a charity organization. They provide a sob story and pressure you into donating money over the phone. However, the caller is a fraudster who will pocket the donation instead of directing it to a legitimate cause.
Common Types of Attacks:

There are mainly five types of attacks-;

Distributed denial of service(DDoS) - Through flooding the traffic used to access resources, it is an attack designed to prevent a user from using those resources. Every bot under the control of a botnet is managed by a botnet controller. The attacker instructs the botnet controller to launch a bot attack on a server, flooding it with bot traffic. The website's traffic will be so heavy that a person attempting to visit it will be unable to do so.
Email attacks - there are three types of Email attacks

- Phishing- Usually through email, the attackers sends bait, it motivates people to divulge personal information

- Spoofing- The assailant posses as a different individual or entity and sending you an email purporting to be authentic.

- Email Attachment- Emails can be used to send files. These files could be documents, files, audio or pictures. You receive an email from attackers urging you to open the attached files.

Password attacks -

There are five different kinds of password assaults that exist-:

Dictionary attack: With this technique, we use the dictionary to handle all potential passwords.
Brute force: This technique uses trial and error to figure out how to decode the data or password. It takes the longest to execute this attack.
Keylogger: A keylogger does exactly what its name implies—it logs every keystroke made on a keyboard. Keyloggers are used by most hackers to obtain passwords and account information.
Shoulder surfing: By peering over the user's shoulder, the attackers can see what's on their keyboard.
Rainbow table: Precomputed hash values can be found in rainbow tables. Attackers utilize this table to determine the user's password.

Malware Attack
- This is a malicious program or software that disrupts or damages the computer.

- There are various types of malware.
    - Virus: A computer virus is a malicious code that replicates by copying itself to another program or document and changes how a computer works. The virus requires someone to knowingly or unknowingly spread the infection without the knowledge or permission of a user or system administrator. An example of a virus is the Melissa virus.

    - Worms: These are standalone programs that run independently and infect systems. For example, W32.Alcra.F is a worm that propagates through network share devices.

Essential Practices.
1. Use of Strong Passwords
Create unique and complex passwords for each online account(CISA, 2023). Consider using a password manager to help you keep track.

2.  Regular Software Updates
Regularly update your operating systems, browsers, and software applications to patch security vulnerabilities.

3.  Beware of Suspicious Links
Don't click on links or attachments in emails or messages from unknown senders.

4.  Secure Wi-Fi
Avoid using public Wi-Fi for sensitive activities like online banking. If you must use it, consider a VPN (Virtual Private Network) for added security.

5. Antivirus Software
 Install and maintain reputable antivirus software on your devices to help detect and prevent malware infections.

Internal threats consists of-:
1.Employee Negligence: Unintentional actions or mistakes made by employees, such as clicking on malicious links or failing to follow security protocols, which can lead to security breaches.

2.Insider Threats: Malicious actions taken by individuals within an organization, such as disgruntled employees or contractors, to steal data, sabotage systems, or cause harm.

Vulnerabilities

Explaining common vulnerabilities in systems and networks helps users understand the potential weak points that cyber attackers exploit, enabling them to develop effective strategies to safeguard against such threats and enhance overall cybersecurity.

Conclusion

By implementing these foundational cybersecurity practices, you can significantly reduce your risk of falling victim to cyber threats. Remember, cybersecurity is an ongoing process, so stay informed and adapt to new challenges as they arise.

Useful Resources

CISA. (2023). Cybersecurity Best Practices | Cybersecurity and Infrastructure Security Agency CISA. Www.cisa.gov. https://www.cisa.gov/topics/cybersecurity-best-practices

Stytz, M. R., & Banks, S. B. (2006). Personal privacy, information assurance, and the threat posed by malware techology. Proceedings of SPIE, the International Society for Optical Engineering/Proceedings of SPIE. https://doi.org/10.1117/12.665344

Top 8 Cyber Security Vulnerabilities. (n.d.). Check Point Software. Retrieved May 23, 2024, from https://www.checkpoint.com/cyber-hub/cyber-security/top-8-cyber-security-vulnerabilities