
Learn to secure a Django application with reCAPTCHA, optional two-factor authentication, session timeout, brute-force protection, and environment variables; prerequisites include HTML, CSS, JavaScript, and Django knowledge.
Use the course Q&A forum for support from me and peers, and ask questions as needed. Try solving issues on your own first to strengthen problem-solving skills, then seek help.
Structure your sort process and take it one step at a time. Set a start and end goal, commit to a schedule, avoid overdoing, and stay positive for long-term knowledge.
Download the final project code and lecture slides from this resources lecture, with a zip file for the code and a downloadable PDF guide.
Install python 3.11.1 on Windows with the recommended installer and add python to path; then install Visual Studio Code on Windows and add key extensions like prettier and Django support.
Install Python on macOS, verify Python and pip versions, then install Visual Studio Code and customize with themes and extensions like plastic, prettier, auto rename tag, and Django support.
Set up a Django project on Windows using a virtual environment, install Django, create the project with Django admin, and run the server to see a SQLite database.
Configure a macOS Django setup by granting terminal full disk access, creating a dev folder and a virtual environment, installing Django, and launching the project.
Set up a Django app by applying default migrations, creating a Django app named Secure App, registering it in installed apps, and running the server to verify the home page.
Set up templates, urls, and views in a Django app, connecting the app's urls.py to the project using include and path. Render home, register, and dashboard templates via views.
Create a static folder in your Django project base directory with css and js subfolders; configure settings.py to serve static files from base/static and prepare to add styles.css and app.js.
Extend templates with a base.html and block content to avoid duplicating code across index.html, dashboard.html, and register.html, while loading static CSS and JavaScript.
Style your Django web app by integrating Bootstrap Bootswatch Lux, replacing index.html in templates, and updating base.html and styles.css to set a background color.
Add font awesome icons to your homepage by including the CDN in base.html and using it in index.html, selecting a lock icon and resizing with fa-2x.
Learn to implement user registration in Django by creating a user creation form (username, email, password1/password2), wiring it to a register view and template for post handling and validation.
Install crispy bootstrap five and Django crispy forms, and configure settings and templates. Load crispy forms tags to style the registration form.
Test the user creation process by creating a super user with manage.py, registering a regular user, and verifying the home page redirect and admin user list in the Django admin.
Explore how reCAPTCHA protects websites from spam and abuse by distinguishing bots from humans on sign-up forms, using Google's CAPTCHA service and noting multiple versions.
Install django reCAPTCHA and add it to your Django project. Configure Google reCAPTCHA keys in settings, sign up for v2, and use localhost 127.0.0.1 during development.
Integrate google reCAPTCHA into a Django form by adding the reCAPTCHA field, configuring public and private keys in settings, and updating the registration template to render the captcha.
Learn two factor authentication as an extra security layer beside username and password, using authenticator apps or mobile SMS on physical or virtual devices like phones.
Learn to implement two-factor authentication in Django using a recommended package, with careful, step-by-step setup to avoid common errors. Follow each step exactly and don't skip ahead.
Install the Django two-factor authentication package version 1.16.0 and its dependencies, configure apps and middleware, migrate, and set up routes and login flow for two-factor security.
Learn to configure time zones in a Django app, align server time with your region, and understand two-factor authentication setup and admin panel management in Django.
Override the default Django templates by integrating the two factor authentication templates into your app, adding template tags, and editing base.html to customize the login page, then test the changes.
Learn to style a Django dashboard and implement secure logout, including wiring logout view, URL, and login-required protection, while preparing two-factor authentication integration and responsive UI elements.
Analyze the two factor authentication templates in a Django app, focusing on base and focus templates, wizard forms and actions, and Twilio integration to support a multi-step setup flow.
Replace the template tags and two-factor folders with updated versions to customize the login templates, then test the streamlined UI and two-factor setup flow from the dashboard.
Enable two-factor authentication using the setup wizard and test its flow. Configure the TOTP tolerance, scan the QR code with Google Authenticator, and log in with a one-time token.
Learn to generate backup tokens for two factor authentication, store them securely, and use them as a last resort to log in when your authenticator fails.
Disable two factor authentication by navigating to account settings, confirming the warning, and logging out and back in to verify. Remove the Google Authenticator link to finalize.
Learn how session timeouts automatically log users out after inactivity to prevent unauthorized changes in public environments, using a session ID to secure user sessions.
Install and configure Django auto logout to enforce a session timeout after inactivity, wire middleware and context processors, and redirect users to login to safeguard the Django app.
Configure and use environment variables to keep sensitive data outside your code, and learn why you must set them before deployment to prevent exposure on public repositories.
Configure environment variables in a Django project using Django environ, set up a dot env file, and reference the secret key from the environment to protect sensitive data.
Learn to recognize brute force attacks as automated login attempts that guess usernames and passwords through trial and error, and master strategies to mitigate their impact on production web apps.
Create an account-locked html template to deter brute-force login attempts and set up a Django view and url to render it.
Configure Django axes to defend against brute force attacks by installing the package, setting failure limits and cool-off times, enabling reset on success, and using templates and logs.
Explore an optional brute force prevention method for Django axis by configuring axis logout parameters to protect admin logins while tracking failed attempts.
Enhance Django axis login security by adding a custom method decorator to the login view, focusing on username-based brute force prevention and same-browser login behavior.
Explore essential password management practices, including creating strong passwords, enabling self-service password changes, and rotating credentials every 90 days to improve security.
Learn to wire Django's built-in password management views into url patterns for resetting passwords, including reset, done, confirm with uid and token, and complete, with email links and messages.
Learn to configure Django to send emails via Gmail smtp by editing settings.py with host, port 587, tls, and an app password, using an admin email for password resets.
learn to implement custom password reset templates in Django, add template names in urls.py, and build reset, sent, form, and complete html files with csrf tokens and a post-based form.
Build a password reset flow by adding a reset entry point and a footer link, with a route to handle forgotten passwords; configure smtp settings and test the reset process.
Learn to implement Django messages by triggering a logout success flash message, display it in index.html with Bootstrap alerts, and wire up a timer in app.js for auto-hide.
Learn to implement Django messages across templates. Configure auto logout messaging in settings.py and render messages in base.html with message.tags, then test the session timeout workflow.
Add Font Awesome icons to Django messages by updating base.html and index.html, showing a check or clock icon and blue information styling for a cleaner user experience.
Apply final user interface touches by setting a consistent title in base.html. Clean up the register page spacing and add an 'already have an account' link to the login page.
Welcome! I'm here to help you ensure that your Django web application is secure for deployment.
-- Please read carefully --
This course is primarily intended for developers who have a basic knowledge of Django and want to secure their web application by integrating the following security strategies and more:
- Integrate a reCAPTCHA
- Two-Factor Authentication (2FA) with a virtual device
- Manage failed login attempts
- Add a session timeout
- Password management
- Configure behind the scenes security settings
- Additional security measures
- General advice on better security management
I want to help YOU to fully secure your Django web application.
The Python Django: Ultimate Web Security Checklist course has been structured in a simple and logical order. Everything that has been designed from the styling to the graphics and topics covered is crafted with the absolute duty of care towards the student.
It covers a variety of topics that will ensure that your website is safe and secure.
It is mixed with theory and practical hands-on demonstrations.
The course is structured in a logical and cohesive way - not just random slides plastered everywhere.
It starts off very simple and then builds on gradually throughout the course.
This course is jam-packed with lecture slides, PDF walkthroughs, code snippets/references and comes along with the full project source code - as a zip file.
All 80 + slides are available as a downloadable PDF.
The Python Django: Ultimate Web Security Checklist course is a highly practical course and allows you to apply your knowledge:
There is a wealth of hands-on lectures throughout this course.
Your instructor:
My name is Arno Pretorius. I'm a qualified IT teacher who has taught programming both in-person and online. My main passions are teaching and technology, so I thought why not just combine the best of both worlds to create something truly amazing and valuable. Over the years, I have created and deployed many real-world Django-based applications, including a job portal for university graduates and an exclusive social network.
I'm a Software developer, an AWS Solutions Architect and Developer associate. I have a keen interest in cloud computing, web development and everything that relates to programming and technology.
So, let's go and become fluent in Django web application security.
Trust me you are in good hands!
This course also comes with:
- 6 + hours of on-demand video
- Full lifetime access
- A Udemy certificate of completion
- Access on mobile and TV
Join me in this course if you want to master the fundamentals of securing your Django web application.