Security Best Practices for Django Applications

Oct 18 5:40 PM PDT to 6:05 PM

About This Talk

Security is of utmost importance to most applications in general and web applications in particular. Because Django is one of the most popular Python-based web frameworks, applications developed with it are always on the radar of attackers who try to find vulnerabilities in them and exploit those vulnerabilities for their own benefit. Security is often ignored or poorly implemented because of a lack of awareness and the cost associated with it, but security is too costly to ignore. Although Django has many built-in security features, they are not sufficient to safeguard an application. The talk begins by highlighting the importance of security and identifying security issues in Django applications using the Mozilla Observatory tool, then uses the tool's recommendations to secure them. Next, I will compare and contrast Mozilla’s Web Security recommendations and the Open Web Application Security Project (OWASP) Top 10 recommendations. Then I will discuss the built-in security features in Django. Finally, I will discuss the configuration settings and issues that may affect the secure deployment of Django applications.

Outline

  1. Importance of security with respect to web applications (2 minutes)
  2. Identifying security issues using Mozilla Observatory (5 minutes)
  3. OWASP Top 10 issues and how to address them in Django (8 minutes)
  4. Built-in security features in Django (7 minutes)
  5. Secure deployment of Django applications (3 minutes)

Presenters

    Gajendra Deshpande

    Mr. Gajendra Deshpande holds a Master’s degree (M.Tech.) in Computer Science and Engineering from Visvesvaraya Technological University, Belagavi, and a PG Diploma in Cyber Law and Cyber Forensics from National Law School of India University, Bengaluru, India. He works as an Assistant Professor at the Department of Computer Science and Engineering, KLS Gogte Institute of Technology, Belagavi, Karnataka, India. He has 12+ years of teaching experience and one year of Linux and network administration experience. Under his mentorship, teams have won Smart India Hackathon 2018, 2019 and 2020. He is Technical Director for Sestoauto Networks Pvt. Ltd. He has presented talks at prestigious conferences such as SciPy USA, JuliaCon, PyCon France, PyCon Hong Kong, PyCon Taiwan, COSCUP Taiwan, PyCon Africa, BuzzConf Argentina, EuroPython, PiterPy Russia and SciPy India. He has worked as a reviewer and program committee member for reputed international journals and conferences including JOSS, JOSE, SciPy USA, SciPy Japan, JuliaCon, JupyterCon, PyData Global, and PyCon India, and for publishers including Manning USA and Oxford University Press. He leads the PyData Belagavi and OWASP Belagavi chapters. He is also a GitHub Certified Campus Advisor.