Hi there 👋

Welcome to my blog. My name is Gaëtan Grond and I write about software development, security, tech and my journey as an entrepreneur and CTO.

Why Session Hijacking Remains a Persistent Web Threat

Web security is a significant concern for me. Over the past few years, I’ve been learning about ethical hacking and the broader field of web and server security, and one topic that has always intrigued me is session hijacking. While many security threats, such as weak passwords, SQL injections, and cross-site scripting (XSS), have been mitigated and are relatively easy to fix, session hijacking remains a persistent threat. Its ease of exploitation and potential damage make it a serious risk to web applications. ...

October 14, 2024 · 5 min · Gaëtan Grond

Protecting Data in Django Admin: Preventing Accidental Deletions

The Django admin interface is one of the standout features that make Django such a powerful framework. It allows you to manage your data, customers, and models with ease. However, as with any tool that provides significant control over your application’s data, there’s a need to ensure that sensitive actions like deletions are handled carefully. ...

September 23, 2024 · 3 min · Gaëtan Grond

Read Indeed Reviews Without an Account or Rating Your Company

Don’t be like Indeed. Indeed is a popular job search engine that allows users to search for jobs, post resumes, and read company reviews. However, in order to read reviews on Indeed, you need to create an account and rate your current or former employer. This is really annoying, and it encourages posting reviews that are not genuine. In this post, I will show you how to read Indeed reviews without an account or rating your company. ...

September 19, 2024 · 2 min · Gaëtan Grond

My Flutter Journey: Mastering Widgets, State, and Core Concepts

As a Python backend developer, working with Flutter was a bit challenging. The concept of widgets, state management, null safety and the lack of a clear convention for structuring the codebase made it difficult for me to get started. However, after developing with Flutter both professionally and personally for 2 years, I am starting to feel confident with the framework. In this article, I will share my understanding of the core concepts of Flutter that should be helpful for beginners. ...

September 18, 2024 · 12 min · Gaëtan Grond

Fix CORS Issue With Flutter for the web and Django

Flutter and Django are two powerful frameworks that can be used to build web applications. However, when you try to make a request from a Flutter web app to a Django backend, you might run into a CORS (Cross-Origin Resource Sharing) issue. In this article, I will explain what CORS is and how to fix it when using Flutter for the web and Django. ...

September 13, 2024 · 3 min · Gaëtan Grond

Deploying a Django App on Digital Ocean App Platform in 10mn with custom domain and managed database

App Platform use case. For the past 5 years I have been a fan of Digital Ocean; it is decently priced and offers everything I need to host my professional and personal projects. While I have been using their droplets for a long time, I partially switched to their App Platform 2 years ago and I have been loving it so far. ...

September 8, 2024 · 10 min · Gaëtan Grond

Storing List in Models with Django

Lists or arrays are commonly used data types in programming. However, Django does not have a built-in field for storing lists in models. In a recent project, I needed to store a list of strings in a model, and I had to find an elegant and efficient way to store the list in the database. ...

September 4, 2024 · 5 min · Gaëtan Grond

Fluent Python - My Private Notes

These are my personal notes from reading Fluent Python. They’re a bit scattered, but I’ve found them useful for understanding some of Python’s more advanced features, like decorators, generators, and defensive programming. I’m sharing them here in case they’re helpful to others working through similar topics or if you’re considering reading the book. ...

August 25, 2024 · 13 min · Gaëtan Grond

Why I Chose HTMX Over React and VueJS - A 6 Month Review

HTMX took the developer community by surprise, and rightfully so. It offered an alternative to using JavaScript and bloated SPAs for web apps for those who did not want to dive into the complexity of frontend frameworks and JavaScript. Four years ago, when I first started building my SaaS startup with Django, the recommendation was to build an API with DRF or FastAPI and use a frontend framework such as React or Vue.js. I tried them both, and while I really liked the latter, the disadvantages became more apparent as the project grew. ...

July 29, 2024 · 7 min · Gaëtan Grond

Django Security Essentials a Comprehensive Overview

Introduction. In this article, I will provide a comprehensive overview of the essential security practices and configurations that you should consider when developing a Django application. A good starting point to ensure that your application is secure and follows the latest security best practices and guidelines is to use the well-known cookiecutter-django template. This template provides a solid foundation for building secure Django applications by incorporating various security features and configurations out of the box. ...

April 4, 2024 · 12 min · Gaëtan Grond

How to Add MFA to Django Allauth in Under 5mn

As of the 0.56.0 release of django-allauth (2023-09-07), support for Multi-Factor Authentication (MFA) has been added. This is great news for Django developers, as it allows you to easily add MFA to your applications, but the documentation is still a bit sparse, and it appears that the feature is not widely known yet. ...

March 13, 2024 · 4 min · Gaëtan Grond

Reflections on the First Two Years as a Tech Founder

Two years ago, on the 15th of January 2022, I decided to launch my startup with my co-founder, a SaaS service built for hospitality professionals to help them with their day-to-day tasks that I had been building for the past year. In those two years, I have travelled to 7 different countries, built a website and two mobile apps from scratch and a lot more. Let’s take a look back at what I have learned. ...

January 16, 2024 · 11 min · Gaëtan Grond

Picking the Right Flutter Packages

Choosing the right packages for your Flutter project is a crucial part of the development process; failing to pick the right packages can lead to a lot of headaches down the road. Most frameworks and languages have a package manager: Python has pip, JavaScript has npm, and Dart has pub. ...

December 15, 2023 · 3 min · Gaëtan Grond

The 3-2-1 Backup Strategy

As good a developer as you are, you are not immune to data loss. Mistakes happen, caused either by you or by an outside force, so it is important to have a backup strategy in place, and this needs to be done before you need it. One of the most popular backup strategies is the 3-2-1 backup strategy, but what does it mean and how can you implement it for almost no cost and effort? ...

November 13, 2023 · 5 min · Gaëtan Grond

Better Uptime: Ensuring Service and Website Reliability

Achieving Peace of Mind with BetterUptime: Keeping Your Services and Websites Running Smoothly. As a C.T.O. and entrepreneur, ensuring the seamless operation of all the services and websites under your management is crucial. More importantly, having a service that constantly monitors and checks that everything is working as expected provides invaluable peace of mind. Today, I’d like to introduce you to BetterUptime, a service that I’ve been using for over two years. ...

November 2, 2023 · 3 min · Gaëtan Grond

Beware of Fake Vulnerabilities Reports and Fear Mongering Tactics

A few days ago I started receiving concerning email directly at my work email address. The email was from a so-called bug bounty hunter who was claiming to have found a vulnerability in one of our products. The email was very generic and it was not clear what the vulnerability was; the only thing that was clear was that the person was asking for money to disclose the vulnerability. ...

October 14, 2023 · 3 min · Gaëtan Grond

Darknet Diaries Exploring Unfiltered Internet Stories of Cybersecurity and Hacking

One topic I am fascinated by is cybersecurity, hacking and the work of penetration testers. If you are like me, read on: this article is for you. What is Darknet Diaries? Darknet Diaries is a podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime but also about security professionals and researchers. The podcast is hosted by Jack Rhysider, a security professional with over 15 years of experience in the field. ...

September 15, 2023 · 5 min · Gaëtan Grond

Keep Your App Updated on Users Device

One of the most frustrating things I found when I started developing mobile apps is that updates are often not installed by users; web apps, in comparison, are always up to date and do not require any action from the user. This is a problem, especially when you have a new app and are pushing a lot of bug fixes and new features. Fortunately, there is a solution. ...

September 3, 2023 · 4 min · Gaëtan Grond

When to Use Flutter for the Web

One of the biggest advantages of Flutter is that it allows you to build apps for multiple platforms from a single codebase, and the web is one of them. A lot of beginners seem to be confused about when to use Flutter for the web and whether they can use it to build a website, landing page or blog. Although Flutter for the web has been production-ready since version 2.0 (early 2021), it does lack some features and is not suitable for all types of apps, so let’s see when to use Flutter for the web. ...

August 27, 2023 · 5 min · Gaëtan Grond

Common Problem and useful tips in Flutter

Introduction. After working for more than a year with Flutter, I have encountered a lot of problems and errors that I had to solve either by myself or by searching for solutions online. Here is a list of the most common problems and useful tips that I have encountered while working with Flutter. ...

August 19, 2023 · 10 min · Gaëtan Grond

Understanding IDOR Vulnerability in Django and how to fix it

Django is by design very secure: most of the common vulnerabilities, such as XSS, CSRF, SQL injection and clickjacking, are fixed by the simple use of the framework, but there is one that is not fixed by default, and it is the IDOR vulnerability. In this article we will see what it is and how to fix it. ...

August 15, 2023 · 4 min · Gaëtan Grond

How to Get in the Zone With Brain.fm as a Developer

When working as a developer, the best thing that can happen to us is getting in the zone. Getting in the zone means that we are so focused on our work that we forget about everything else, but achieving such a state of mind is not easy, and in a world full of distractions it is even harder. ...

August 10, 2023 · 5 min · Gaëtan Grond

Using Your Django Local Server for Flutter

When working with Flutter and Django you will often need to test your app with a local server before shipping it to production. This seems like a simple task, but it can be tricky to make it work with simulators. In this article, I will show you how to use your Django local server for Flutter and how to make it work with simulators on iOS and Android. ...

August 8, 2023 · 3 min · Gaëtan Grond

Remove the form in the Browsable API of Django Rest Framework

When you use Django Rest Framework, one of the great features that make DRF so powerful is the Browsable API. It allows you to navigate through your API and test it directly from your browser with a powerful form, queryset filter and much more. Even better, when enabled, you can use Django Debug Toolbar to optimize your API and see how many queries are generated like you would do with a normal Django view. ...

August 6, 2023 · 3 min · Gaëtan Grond

Create a Circular List Tile Progress Indicator in Flutter

I was working on a checklist screen app for my startup and wanted to make a visual representation of the percentage of tasks done for each checklist with the least amount of code and external dependencies possible. I came up with this solution that uses a Stack widget and a CircularProgressIndicator widget. ...

August 5, 2023 · 2 min · Gaëtan Grond

Create a Simple Maintenance Feature in Django

When working with Django for my startup I performed, on several occasions, very complex migrations and maintenance tasks that required the site not to be accessible for a few minutes and sometimes even hours. Even if the end user is not able to access the site, our team of superusers and admins should be able to access the site and perform the maintenance tasks. ...

August 5, 2023 · 5 min · Gaëtan Grond

Secure Your Django Administration with 6 simple steps

One of the most loved features of Django is the built-in administration interface. It allows for an easy way to manage your data and is highly customizable. However, it is also a very common target for attackers. In this article, we will look at some of the most common attacks against the Django administration interface and how to protect against them. ...

August 3, 2023 · 8 min · Gaëtan Grond

Create an Ubuntu Server for Free and Secure It in DigitalOcean - 2023 Edition Part 1

My go-to setup for a new server is using DigitalOcean; with their generous $200 credit for new users, you can run a server for free. This guide will show you how to create a new server, secure it and some best practices and tips when using DigitalOcean. Trust me, it’s easier than you think and it’s a lot of fun. ...

August 2, 2023 · 8 min · Gaëtan Grond

How to Customize The CSRF Failure View in Django

When working with Django and third-party libraries, you may encounter a CSRF error on login or any other form submission. This is because Django requires a CSRF token to be sent with every form submission except GET requests or if the form has the csrf_exempt decorator. During my work with Django, I have encountered this error many times, sometimes due to my own mistakes and sometimes due to third-party libraries or user behavior. ...

August 1, 2023 · 3 min · Gaëtan Grond

Secure Your Droplet With Cloud Firewall in 5 Minutes

I am a long-time user of DigitalOcean and I have been using many of their services for more than 6 years, including their Cloud Firewall. I have been using it for a long time and I have been very happy with it. Most of the time when people create a new droplet they just leave their server open to the world, which is not a good idea, especially if you are running a production server. ...

July 31, 2023 · 5 min · Gaëtan Grond