I have seen experienced Django developers who don't have a full understanding of the SECRET_KEY setting.
Similarly, there are a couple of other settings that most people seem to be either unaware of or simply ignore.
Security is one of the most critical aspects of any app, yet it rarely gets the priority it deserves.
Based on my experience so far, I have compiled the most common web vulnerabilities and the techniques to prevent them in a Django app.
These vulnerabilities are:
- SQL Injection
- CRLF Injection
- Timing Attack
- Clickjacking Attack
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- HTTP Strict Transport Security (SSL)
- Session Hijacking
- Denial of Service (DoS)
- Miscellaneous
Django provides guards against these vulnerabilities out of the box, but most of them are not enabled by default.
In the post, I describe all the steps you need to follow to make your application more secure.
You can access the post here - https://gauravvjn.medium.com/secrets-of-security-in-a-django-application-0dfb41957eb0
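As an added illustration of the point above (this is example code written for this summary, not code from the linked post or from Django itself), the block below audits a plain dict standing in for a Django settings module against the vulnerability classes listed. Every key is a real Django setting or middleware path; the SECRET_KEY thresholds mirror Django's own system check (at least 50 characters, at least 5 distinct characters, no `django-insecure-` prefix). The two settings dicts and the `compare_token` helper are constructed for the example; in a real project the secret comes from the environment, not from a constant.

```python
import hmac

# Real Django middleware paths used by the checks below.
SECURITY_MIDDLEWARE = "django.middleware.security.SecurityMiddleware"
CSRF_MIDDLEWARE = "django.middleware.csrf.CsrfViewMiddleware"
CLICKJACKING_MIDDLEWARE = "django.middleware.clickjacking.XFrameOptionsMiddleware"

# Django's defaults for the settings the audit reads when a key is absent.
DEFAULT_UPLOAD_LIMIT = 2621440  # DATA_UPLOAD_MAX_MEMORY_SIZE default (2.5 MB)


def audit_settings(s):
    """Return the vulnerability classes a settings mapping leaves open.

    Hypothetical helper: reads a dict of Django setting names and applies
    the same kind of checks `manage.py check --deploy` performs.
    """
    findings = []
    mw = s.get("MIDDLEWARE", [])
    key = s.get("SECRET_KEY", "")
    if (len(key) < 50 or len(set(key)) < 5
            or key.startswith("django-insecure-")):
        findings.append("weak SECRET_KEY (signed cookies/tokens forgeable)")
    if s.get("DEBUG", False):
        findings.append("DEBUG enabled (settings and tracebacks leak)")
    if not s.get("ALLOWED_HOSTS"):
        findings.append("ALLOWED_HOSTS empty (Host header poisoning)")
    if (SECURITY_MIDDLEWARE not in mw
            or s.get("SECURE_HSTS_SECONDS", 0) <= 0
            or not s.get("SECURE_SSL_REDIRECT", False)):
        findings.append("HSTS/SSL")
    if (CLICKJACKING_MIDDLEWARE not in mw
            or s.get("X_FRAME_OPTIONS", "DENY") != "DENY"):
        findings.append("Clickjacking")
    if CSRF_MIDDLEWARE not in mw or not s.get("CSRF_COOKIE_SECURE", False):
        findings.append("CSRF")
    if (not s.get("SESSION_COOKIE_SECURE", False)
            or not s.get("SESSION_COOKIE_HTTPONLY", True)):
        findings.append("Session Hijacking")
    if not s.get("SECURE_CONTENT_TYPE_NOSNIFF", True):
        findings.append("XSS (MIME sniffing)")
    if s.get("DATA_UPLOAD_MAX_MEMORY_SIZE", DEFAULT_UPLOAD_LIMIT) is None:
        findings.append("DoS (unbounded request body)")
    return findings


def compare_token(expected, supplied):
    """Constant-time secret comparison (the fix for the timing attack).

    `==` stops at the first differing byte, so response time reveals how
    many leading characters matched. hmac.compare_digest does not; Django
    exposes the same thing as django.utils.crypto.constant_time_compare.
    """
    return hmac.compare_digest(expected.encode(), supplied.encode())


# Constructed sample: a fresh startproject left as-is, minus the middleware.
INSECURE_SETTINGS = {
    "DEBUG": True,
    "SECRET_KEY": "django-insecure-change-me",
    "ALLOWED_HOSTS": [],
    "MIDDLEWARE": ["django.middleware.common.CommonMiddleware"],
    "SECURE_HSTS_SECONDS": 0,
    "SECURE_SSL_REDIRECT": False,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "DATA_UPLOAD_MAX_MEMORY_SIZE": None,
}

# Constructed sample: the same project with the guards switched on.
# The SECRET_KEY is a placeholder that merely satisfies the length rule;
# load the real one from the environment (e.g. os.environ["SECRET_KEY"]).
HARDENED_SETTINGS = {
    "DEBUG": False,
    "SECRET_KEY": "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMN",
    "ALLOWED_HOSTS": ["example.com"],
    "MIDDLEWARE": [
        SECURITY_MIDDLEWARE,
        "django.contrib.sessions.middleware.SessionMiddleware",
        "django.middleware.common.CommonMiddleware",
        CSRF_MIDDLEWARE,
        CLICKJACKING_MIDDLEWARE,
    ],
    "SECURE_HSTS_SECONDS": 31536000,
    "SECURE_SSL_REDIRECT": True,
    "SESSION_COOKIE_SECURE": True,
    "SESSION_COOKIE_HTTPONLY": True,
    "CSRF_COOKIE_SECURE": True,
    "X_FRAME_OPTIONS": "DENY",
    "SECURE_CONTENT_TYPE_NOSNIFF": True,
    "DATA_UPLOAD_MAX_MEMORY_SIZE": DEFAULT_UPLOAD_LIMIT,
}

if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(name, audit_settings(cfg) or "no findings")
```

Running the block prints eight findings for the default-style settings and none for the hardened ones; SQL injection is absent from the audit because it is a query-construction concern (use the ORM or parameterised queries) rather than a setting.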