Why Session Hijacking Remains a Persistent Web Threat

Web security is a significant concern for me. Over the past few years, I’ve been learning about ethical hacking and the broader field of web and server security, and one topic that has always intrigued me is session hijacking. While many security threats, such as weak passwords, SQL injection, and cross-site scripting (XSS), have been mitigated and are relatively easy to fix, session hijacking remains a persistent threat. Its ease of exploitation and potential damage make it a serious risk to web applications. ...

October 14, 2024 · 5 min · Gaëtan Grond

Protecting Data in Django Admin: Preventing Accidental Deletions

The Django admin interface is one of the standout features that make Django such a powerful framework. It allows you to manage your data, customers, and models with ease. However, as with any tool that provides significant control over your application’s data, there’s a need to ensure that sensitive actions like deletions are handled carefully. ...

September 23, 2024 · 3 min · Gaëtan Grond

How to Add MFA to Django Allauth in Under 5mn

As of the 0.56.0 release of django-allauth (2023-09-07), support for Multi-Factor Authentication (MFA) has been added. This is great news for Django developers, as it allows you to easily add MFA to your applications, but the documentation is still a bit sparse, and it appears that the feature is not widely known yet. ...

March 13, 2024 · 4 min · Gaëtan Grond

The 3-2-1 Backup Strategy

As good a developer as you are, you are not immune to data loss: mistakes happen, either by you or by an outside force, so it is important to have a backup strategy in place, and this needs to be done before you need it. One of the most popular backup strategies is the 3-2-1 backup strategy, but what does it mean and how can you implement it for almost no cost and effort? ...

November 13, 2023 · 5 min · Gaëtan Grond

Beware of Fake Vulnerability Reports and Fear Mongering Tactics

A few days ago I started receiving concerning emails directly to my work email address. The emails were from a so-called bug bounty hunter who claimed to have found a vulnerability in one of our products. The emails were very generic and it was not clear what the vulnerability was; the only thing that was clear was that the person was asking for money to disclose it. ...

October 14, 2023 · 3 min · Gaëtan Grond

Darknet Diaries Exploring Unfiltered Internet Stories of Cybersecurity and Hacking

One topic I am fascinated by is cybersecurity, hacking and the work of penetration testers. If you are like me, read on: this article is for you. What is Darknet Diaries? Darknet Diaries is a podcast about hackers, breaches, shadow government activity, hacktivism and cybercrime, but also about security professionals and researchers. The podcast is hosted by Jack Rhysider, a security professional with over 15 years of experience in the field. ...

September 15, 2023 · 5 min · Gaëtan Grond

Understanding the IDOR Vulnerability in Django and How to Fix It

Django is by design very secure: most of the common vulnerabilities, such as XSS, CSRF, SQL injection and clickjacking, are mitigated simply by using the framework. But there is one that is not fixed by default, and that is the IDOR (Insecure Direct Object Reference) vulnerability. In this article we will see what it is and how to fix it. ...

August 15, 2023 · 4 min · Gaëtan Grond

Secure Your Django Administration in 6 Simple Steps

One of the most loved features of Django is the built-in administration interface. It allows for an easy way to manage your data and is highly customizable. However, it is also a very common target for attackers. In this article, we will look at some of the most common attacks against the Django administration interface and how to protect against them. ...

August 3, 2023 · 8 min · Gaëtan Grond

Create an Ubuntu Server for Free and Secure It in DigitalOcean - 2023 Edition Part 1

My go-to setup for a new server is DigitalOcean; with their generous $200 credit for new users you can run a server for free. This guide will show you how to create a new server, secure it, and follow some best practices and tips when using DigitalOcean. Trust me, it’s easier than you think and it’s a lot of fun. ...

August 2, 2023 · 8 min · Gaëtan Grond

How to Customize The CSRF Failure View in Django

When working with Django and third-party libraries, you may encounter a CSRF error on login or any other form submission. This is because Django requires a CSRF token to be sent with every form submission, except for GET requests or views decorated with csrf_exempt. During my work with Django, I have encountered this error many times, sometimes due to my own mistakes and sometimes due to third-party libraries or user behavior. ...

August 1, 2023 · 3 min · Gaëtan Grond

Secure Your Droplet With Cloud Firewall in 5 Minutes

I am a long-time user of DigitalOcean and have been using many of their services for more than 6 years, including their Cloud Firewall, and I have been very happy with it. Most of the time when people create a new droplet they just leave their server open to the world, which is not a good idea, especially if you are running a production server. ...

July 31, 2023 · 5 min · Gaëtan Grond

DJ Checkup: a Comprehensive Django Security Analysis Tool

Introduction: Django is a powerful and widely used web development framework for building secure and robust websites and web applications. However, even with the best coding practices, security vulnerabilities can still creep in. DJ Checkup offers a user-friendly security analysis tool that runs a series of checks on your Django site. Getting Started: Securing your Django site is now easier than ever with DJ Checkup. Just submit the URL of your Django site in the input field and the tool will handle the rest. ...

July 30, 2023 · 2 min · Gaëtan Grond