Why Session Hijacking Remains a Persistent Web Threat
Web Security is a significant concern for me. Over the past few years, I’ve been learning about ethical hacking and the broader field of web and server security and one topic that has always intrigued me is session hijacking. While many security threats, such as weak passwords, SQL injections, and cross-site scripting (XSS), have been mitigated and are relatively easy to fix, session hijacking remains a persistent threat. Its ease of exploitation and potential damage make it a serious risk to web applications. ...
Protecting Data in Django Admin: Preventing Accidental Deletions
The Django admin interface is one of the standout features that make Django such a powerful framework. It allows you to manage your data, customers, and models with ease. However, as with any tool that provides significant control over your application’s data, there’s a need to ensure that sensitive actions like deletions are handled carefully. ...
Read Indeed Reviews Without an Account or Rating Your Company
Don’t be like Indeed Indeed is a popular job search engine that allows users to search for jobs, post resumes, and read company reviews. However, in order to read reviews on Indeed, you need to create an account and rate your current or former employer, this is really annoying and it encourages posting reviews that are not genuine. In this post, I will show you how to read Indeed reviews without an account or rating your company. ...
My Flutter Journey: Mastering Widgets, State, and Core Concepts
As a Python backend developer, working with Flutter was a bit challenging. The concept of widgets, state management, null safety and the lack of a clear convention for structuring the codebase made it difficult for me to get started. However, after developing with Flutter both professionally and personally for 2 years, I am starting to feel confident with the framework. In this article, I will share my understanding of the core concepts of Flutter that should be helpful for beginners. ...
Fix Cors Issue With Flutter for the web and Django
Flutter and Django are two powerful frameworks that can be used to build web applications. However, when you try to make a request from a Flutter web app to a Django backend, you might run into a CORS (Cross-Origin Resource Sharing) issue. In this article, I will explain what is CORS and how to fix it when using Flutter for the web and Django. ...
Deploying a Django App on Digital Ocean App Plateform in 10mn with custom domain and managed database
App Plateform use case For the past 5 years I have been a fan of Digital Ocean, it is decently priced and offers everything I need to host my professional and personal projects. While I have been using their droplets for a long time, I partially switch to their App Plateform 2 years ago and I have been loving it so far. ...
Storing List in Models with Django
Lists or arrays are commonly used data types in programming. However, Django does not have a built-in field for storing lists in models. In a recent project, I needed to store a list of strings in a model, and I had to find an elegant and efficient way to store the list in the database. ...
Fluent Python - My Private Notes
These are my personal notes from reading Fluent Python. They’re a bit scattered, but I’ve found them useful for understanding some of Python’s more advanced features, like decorators, generators, and defensive programming. I’m sharing them here in case they’re helpful to others working through similar topics or if you’re considering reading the book. ...
Why I Chose HTMX Over React and VueJS - A 6 Month Review
HTMX took the developer community by surprise, and rightfully so. It offered an alternative to using JavaScript and bloated SPAs for web apps for those did not want to dive into the complexity of frontend frameworks and JavaScript. Four years ago, when I first started building my Saas startup with Django, the recommendation was to build an API with DRF or FastAPI and use a frontend framework such as React or Vue.js. I tried them both, and while I really liked the latter, the disadvantages became more apparent as the project grew. ...
Django Security Essentials a Comprehensive Overview
Introduction In this article, I will provide a comprehensive overview of the essential security practices and configurations that you should consider when developing a Django application. A good starting point to ensure that your application is secure follows the latest security best practices and guidelines is to use the well known cookiecutter-django template. This template provides a solid foundation for building secure Django applications by incorporating various security features and configurations out of the box. ...
How to Add MFA to Django Allauth in Under 5mn
As of 0.56.0 release of django-allauth (2023-09-07) the support for Multi-Factor Authentication (MFA) has been added. This is great news for the Django developer as it allows to easily add MFA to your applications, but the documentation is still a bit sparse, and it appears that the feature is not widely known yet. ...
Reflections on the First Two Years as a Tech Founder
Two years ago, on the 15th of January 2022, I decided to launch my startup with my co-founder, a SaaS service built for hospitality professionals to help them with their day-to-day tasks that I was building for the past year. In those two years, I have travelled to 7 different countries, built a website and two mobile apps from scratch and a lot more.. let’s take a look back at what I have learned. ...
Picking the Right Flutter Packages
Choosing the right packages for your Flutter project is a crucial part of the development process, failing to pick the right packages can lead to a lot of headaches down the road. Most frameworks and languages have a package manager, Python has pip, JavaScript has npm, and Dart has pub. ...
The 3-2-1 Backup Strategy
As good of a developer you are, you are not immune to data loss, mistake happen either by you or an outside force, so it is important to have a backup strategy in place and this need to be done before you need it. One of the most popular backup strategy is the 3-2-1 backup strategy, but what does it mean and how can you implement it for almost no cost and effort? ...
Better Uptime: Ensuring Service and Website Reliability
Achieving Peace of Mind with BetterUptime: Keeping Your Services and Websites Running Smoothly As a C.T.O. and entrepreneur, ensuring the seamless operation of all the services and websites under your management is crucial. More importantly, having a service that constantly monitors and check that everything is working as expected provides invaluable peace of mind. Today, I’d like to introduce you to BetterUptime, a service that I’ve been using for over two years. ...
Beware of Fake Vulnerabilities Reports and Fear Mongering Tactics
Few days ago I started receiving concerning email directly to my work email address, the email was from a so-called bug bounty hunter that was claiming to have found a vulnerability in one of our products, the email was very generic and it was not clear what was the vulnerability, the only thing that was clear was that the person was asking for money to disclose the vulnerability. ...
Darknet Diaries Exploring Unfiltered Internet Stories of Cybersecurity and Hacking
One topic I am fascinated by is cybersecurity, hacking and the work of penetration testers, if you are like me, read on this article is for you. What is Darknet Diaries? Darknet Diaries is a podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime but also about security professionals and researchers. The podcast is hosted by Jack Rhysider, a security professional with over 15 years of experience in the field. ...
Keep Your App Updated on Users Device
One of the most frustrating thing I found when I started developing mobile apps is that update are often not installed by users, web app in comparison are always up to date and does not require any action from the user. This is a problem especially when you have a new app and are pushing a lot of bug fixes and new features, fortunately there is a solution. ...
When to Use Flutter for the Web
One of the biggest advantages of Flutter is that it allows you to build apps for multiple platforms from a single codebase and the web is one of them. A lot of beginners seem to be confused about when to use Flutter for the web and if they can use it to build a website, landing page or blog, although Flutter for the web is production-ready since version 2.0 (early 2021) it does lack some features and is not suitable for all types of apps, so let’s see when to use Flutter for the web. ...
Common Problem and useful tips in Flutter
Introduction After working for more than a year with Flutter, I have encountered a lot of problems and errors that I had to solve either by myself or by searching for solutions online, here is a list of the most common problems and useful tips that I have encountered while working with Flutter. ...
Understanding IDOR Vulnerability in Django and how to fix it
Django is by design very secure, most of the commons vulnerabilies such as XSS, CSRF, SQL injection, clickjacking are fixed by the simple use of the framework, but there is one that is not fixed by default, and it is the Idor vulnerability. In this article we will see what it is and how to fix it. ...
How to Get in the Zone With Brain.fm as a Developer
When working as a developer, the best thing that can happen to us is getting in the zone. Getting in the zone means that we are so focused on our work that we forget about everything else, but to achieve such state of mind is not easy and in a world full of distractions it is even harder. ...
Using Your Django Local Server for Flutter
When working with Flutter and Django you will often need to test your app with a local server before shipping it to production, this seems like a simple task but it can be tricky to make it work with simulators. In this article, I will show you how to use your Django local server for Flutter and how to make it work with simulators in IOS and Android. ...
Remove the form in the Browsable API of Django Rest Framework
When you use Django Rest Framework, one of the great features that make DRF so powerful is the Browsable API. It allows you to navigate through your API and test it directly from your browser with a powerful form, queryset filter and much more. Even better, when enabled, you can use Django Debug Toolbar to optimize your API and see how many queries are generated like you would do with a normal Django view. ...
Create a Circular List Tile Progress Indicator in Flutter
I was working on a checklist screen app for my startup and wanted to make a visual representation of the percentage of tasks done for each checklist with the least amount of code possible and external dependencies. I came up with this solution that uses a Stack widget and a CircularProgressIndicator widget. ...
Create a Simple Maintenance Feature in Django
When working with Django for my startup I performed in several occasions very complex migrations and maintenance tasks that required the site not to be accessible for a few minutes and sometimes even hours. Even if the end user is not able to access the site, our team of superusers and admins should be able to access the site and perform the maintenance tasks. ...
Secure Your Django Administration with 6 simple steps
One of the most loved features of Django is the built-in administration interface. It allows for an easy way to manage your data and is highly customizable. However, it is also a very common target for attackers. In this article, we will look at some of the most common attacks against the Django administration interface and how to protect against them. ...
Create an Ubuntu Server for Free and Secure It in DigitalOcean - 2023 Edition Part 1
My go to setup for a new server is using DigitalOcean, with their generous $200 credit for new users you can run a server for free. This guide will show you how to create a new server, secure it and some best practices and tips when using DigitalOcean. Trust me, it’s easier than you think and it’s a lot of fun. ...
How to Customize The CSRF Failure View in Django
When working with Django and third party libraries, you may encounter a CSRF error on login or any other form submission. This is because Django requires a CSRF token to be sent with every form submission except GET requests or if the form has the csrf_exempt decorator. During my work with Django, I have encountered this error many times, sometimes due to my own mistakes and sometimes due to third party libraries or user behavior. ...
Secure Your Droplet With Cloud Firewall in 5 Minutes
I am a long time user of DigitalOcean and I have been using many of their services for more than 6 years, including their Cloud Firewall. I have been using it for a long time and I have been very happy with it. Most of the time when people create a new droplet they just leave their server open to the world, which is not a good idea, especially if you are running a production server. ...