
Identify the course targets—from Python developers to cybersecurity practitioners—and outline Django-focused web vulnerabilities, lab demos in Ubuntu with Kali, Docker, Python 3.x, Burp Suite, and a coffee shop Django app.
Explore secure coding resources for Python Django by provisioning an insecure Django app and practicing vulnerability mitigation on a Kali Linux client and Ubuntu server in a private network.
Download and set up the secure coding lab for Python Django by accessing the course downloads, unzipping the resources, and locating the slides, lab guides, Python basics, and Python scripts.
Provision Kali Linux in VMware Workstation by downloading and booting a bridged VM. Enable SSH and configure a static IP for secure remote access.
Provision the Django coffee shop app by cloning it from GitHub, provisioning it with Vagrant and Docker, and testing access from Kali Linux to Ubuntu, including login with the credentials in config.env.
An overview of Python basics within secure coding for Django, equipping you to build safer web applications.
Learn to execute Python with the dynamic interpreter shell and by running scripts via a shebang or the Python command, and use help, dir, type, and exit for guidance.
Show how to use lists in Python: square-bracket syntax, nested objects, zero-based indexing, accessing values by index, handling duplicates, and measuring length with len, noting that lists are mutable.
Learn how to collect user input in Python 3.x with input, store it in variables, and securely handle passwords with getpass to hide input.
In project 2, initialize x at 75 and loop while x < 78, pinging 192.168.254.75, 192.168.254.76, and 192.168.254.77, printing connection status (success or failed) and incrementing x.
Build and test a Python project that pings 192.168.254.75 through 192.168.254.77 using a for loop and os.system, sending a single ping per host with output redirected to /dev/null. Note that os.system hands its string to a shell, so the host must never be built from untrusted input.
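The two ping projects above build the command as a string and hand it to os.system, which is exactly the shape that turns into command injection once the host comes from a form field or a file. The following is an added example (not the course's own script) that does the same sweep of 192.168.254.75 through .77 with subprocess and an argument list, so no shell ever parses the host, and that validates the host as an IP address inside the lab network before running anything. The network bounds are the lab's own values; the helper names, the injectable `runner` argument, and the `-W 1` timeout flag (Linux iputils ping) are this example's assumptions.

```python
import ipaddress
import subprocess
from typing import Callable, Dict, List

# The course lab pings 192.168.254.75 through .77; the /24 and the bounds
# below are taken from that, everything else here is this example's choice.
LAB_NETWORK = ipaddress.ip_network("192.168.254.0/24")
FIRST_HOST = 75
LAST_HOST = 77


def build_ping_cmd(host: str) -> List[str]:
    """Return the ping argv for one host, rejecting anything that is not a lab IP address.

    Passing a list to subprocess.run (no shell) means characters such as ';'
    or '$(' in `host` are never interpreted, unlike os.system(f"ping {host}").
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError as exc:
        raise ValueError(f"not an IP address: {host!r}") from exc
    if addr not in LAB_NETWORK:
        raise ValueError(f"{host} is outside the lab network {LAB_NETWORK}")
    # -c 1: single echo request; -W 1: one-second reply timeout (iputils ping on Linux)
    return ["ping", "-c", "1", "-W", "1", str(addr)]


def ping(host: str, runner: Callable[..., subprocess.CompletedProcess] = subprocess.run) -> bool:
    """Ping one host and report success. `runner` is injectable so the logic can be tested offline."""
    try:
        result = runner(build_ping_cmd(host), stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except FileNotFoundError:  # no ping binary on this machine
        return False
    return result.returncode == 0


def sweep(first: int = FIRST_HOST, last: int = LAST_HOST, runner=subprocess.run) -> Dict[str, str]:
    """Ping 192.168.254.<first> .. 192.168.254.<last> and map each address to 'success' or 'failed'."""
    status = {}
    for x in range(first, last + 1):
        host = f"192.168.254.{x}"
        status[host] = "success" if ping(host, runner) else "failed"
    return status


if __name__ == "__main__":
    for host, state in sweep().items():
        print(f"{host}: {state}")
```

Run it on the Kali VM and it prints one line per host, like the course project; the difference is that `build_ping_cmd("192.168.254.75; rm -rf /")` raises ValueError instead of running two commands.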
Explore how HTTP is a TCP-based protocol on port 80 (and HTTPS on 443), powering static, dynamic, and interactive web pages via client–server interactions, DNS, URLs, and the TCP handshake.
Observe tcpdump capturing HTTP traffic on a Linux interface, walk through the TCP three-way handshake, and see how a default packet-level capture shows only headers rather than application data, while Burp Suite displays the full HTTP request.
Explore the LAMP web development stack by logging into a PHP auction site on a Linux server, validating the Apache, MySQL, and PHP services, and examining index.php and related web files.
Explore the HTTP request methods, POST and GET, that drive the login flow, and how the 200 and 302 status codes indicate success and a redirect to the proper page.
Learn how HTTP methods such as GET, POST, and PUT drive web forms, how query strings and request bodies carry parameters, and how browser history reveals GET parameters but not POST bodies.
Analyze web forms by inspecting the form tag, inputs, and hidden fields to understand how data is sent. Compare the POST and GET methods with concrete examples from login and search forms, including URL parameters such as q.
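To make the GET-versus-POST distinction concrete, here is an added example (not course material) that assembles and parses raw HTTP/1.1 requests modelled on the course's search form (GET with a `q` parameter) and login form (POST to accounts/login with a CSRF token in the body), then reports which sensitive fields ended up in the query string, which is what lands in browser history and access logs. The host 192.168.254.88 is the lab server's address; the exact paths, field values and the `SENSITIVE_FIELDS` list are this example's assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Field names that must never travel in a query string, because the URL is
# written to browser history, proxy logs and the server access log (this
# example's list, not a Django constant).
SENSITIVE_FIELDS = {"password", "csrfmiddlewaretoken", "token"}


def build_request(method: str, target: str, body: str = "") -> str:
    """Assemble a raw HTTP/1.1 request; the Host is the course lab server."""
    lines = [f"{method} {target} HTTP/1.1", "Host: 192.168.254.88"]
    if body:
        lines.append("Content-Type: application/x-www-form-urlencoded")
        lines.append(f"Content-Length: {len(body.encode())}")
    return "\r\n".join(lines) + "\r\n\r\n" + body


def parse_request(raw: str) -> dict:
    """Split a raw request into method, path, query parameters, headers and body parameters."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    # parse_qs returns a list per key; these forms send one value per field
    query = {k: v[0] for k, v in parse_qs(url.query).items()}
    body_params = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        body_params = {k: v[0] for k, v in parse_qs(body).items()}
    return {"method": method, "path": url.path, "query": query, "headers": headers, "body": body_params}


def leaks_into_url(parsed: dict) -> list:
    """Sensitive field names that travelled in the query string, i.e. into history and logs."""
    return sorted(name for name in parsed["query"] if name in SENSITIVE_FIELDS)


# Constructed requests: the search form, the login form as the course sends it,
# and the same login mistakenly submitted with method="get".
SEARCH = build_request("GET", "/search/?q=coffee")
LOGIN = build_request("POST", "/accounts/login/", "username=alice&password=s3cret&csrfmiddlewaretoken=abc123")
LOGIN_VIA_GET = build_request("GET", "/accounts/login/?username=alice&password=s3cret")

if __name__ == "__main__":
    for raw in (SEARCH, LOGIN, LOGIN_VIA_GET):
        p = parse_request(raw)
        print(p["method"], p["path"], "query:", p["query"], "body:", p["body"], "leaks:", leaks_into_url(p))
```

Compare the printed lines with what Burp Suite shows for the same two forms: the search term is visible in the request line, while the login credentials and CSRF token appear only after the blank line that ends the headers.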
Explore the core concepts of Django basics to build secure Python Django web applications. Apply secure coding principles as you establish a solid foundation for Django development.
Explore Django, a free and open source Python web framework offering rapid development, security, built-in authentication and admin, and a strong community for fast deployment.
Install and configure Django on a fresh Ubuntu server, verify the network and IP address, create a Django project, run the server, adjust ALLOWED_HOSTS, and test from Kali Linux.
Provision a Django test server on an Ubuntu VM in VMware, configure a bridged network, install OpenSSH, set a fixed IP via netplan, and verify Python 3 availability.
Install Django on Ubuntu, verify version 3.2.12, install pip, create the main store project, run the development server, and add 192.168.254.88 to ALLOWED_HOSTS.
Explore Django’s file structure, from the root project and apps like books to core scripts such as manage.py, settings.py, and urls.py, and learn how URL routing enables admin access.
Create a Django app folder with startapp, producing a books directory with views.py. Register the app in settings.py and map its URLs to expose a hello view under books.
Showcase how the Django template system separates Python code and HTML, using views.py and render to pass a context dictionary with a name variable to Hello.html for dynamic content.
Compare URL parsing in Django web forms with PHP, detailing protocol, host, URI, path, and query string. Explain GET requests, parameter names, and the CSRF middleware token in the search and product routes.
Explore how Django web forms use the POST method to submit a username and password to accounts/login, including CSRF token handling and the relevant HTTP header details.
Explore web app vulnerabilities and attack vectors within secure coding in Python Django, and learn how to assess risks and apply mitigations in Django applications.
Explore broken access control and insecure direct object references, highlighting unvalidated input, parameter tampering, forceful browsing, and path traversal.
Demonstrate an insecure direct object reference (IDOR) in a Django app by altering primary keys in the URL to access other users' data, illustrating broken access control.
Explore OWASP Top 10 A08, Software and Data Integrity Failures. See how untrusted plugins, insecure CI/CD pipelines, and unsigned updates enable tampering, and how insecure deserialization risks remote code execution.
Explore security misconfiguration on the web server side, including unused features, insecure defaults, missing security headers, and outdated software, and learn how DoS and DDoS attacks threaten web applications.
Explore secure coding practices for Python Django and gain an overview of securing web applications with Django.
Enforce server-side access control to prevent IDOR, replace direct IDs with indirect references such as hashes, validate input, apply CSRF protection, and follow secure coding practices in Django.
Explore securing against IDOR in a Django app by omitting sensitive primary keys from URLs, enforcing authentication checks, and relying on Django's built-in session security.
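The IDOR demonstration and the two mitigation lessons above describe three things: the vulnerable lookup that trusts the primary key in the URL, the fix that scopes the lookup to the logged-in user, and the option of replacing raw IDs with indirect references. The following added example (not the course's code, and deliberately free of Django imports so it runs anywhere) models all three against a constructed orders table; the Django equivalents are given in the comments. `SERVER_KEY`, the `NotFound` class and the order data are this example's assumptions.

```python
import hashlib
import hmac

# Constructed stand-in for the coffee shop app's orders table (not the course's data).
ORDERS = {
    1: {"owner": "alice", "items": ["latte"]},
    2: {"owner": "bob", "items": ["espresso", "mocha"]},
}
# Assumed server-side secret; in a Django project this would be derived from SECRET_KEY.
SERVER_KEY = b"replace-with-a-real-secret"


class NotFound(Exception):
    """Stands in for Django's Http404."""


def order_detail_insecure(user: str, pk: int) -> dict:
    """Vulnerable pattern: the lookup trusts the primary key taken from the URL.

    Django equivalent: Order.objects.get(pk=pk) with no check that request.user
    owns the row, so alice requesting /orders/2/ is served bob's order.
    """
    if pk not in ORDERS:
        raise NotFound
    return ORDERS[pk]


def order_detail(user: str, pk: int) -> dict:
    """Hardened pattern: scope the lookup to the authenticated user.

    Django equivalent: get_object_or_404(Order, pk=pk, owner=request.user).
    A missing row and another user's row both yield 404, so the response
    does not reveal which order IDs exist.
    """
    order = ORDERS.get(pk)
    if order is None or order["owner"] != user:
        raise NotFound
    return order


def reference_for(user: str, pk: int) -> str:
    """Indirect reference: a per-user HMAC of the primary key, usable in URLs instead of the raw id."""
    return hmac.new(SERVER_KEY, f"{user}:{pk}".encode(), hashlib.sha256).hexdigest()


def resolve_reference(user: str, ref: str) -> int:
    """Map a reference back to a pk, but only among the caller's own orders."""
    for pk, order in ORDERS.items():
        if order["owner"] == user and hmac.compare_digest(reference_for(user, pk), ref):
            return pk
    raise NotFound


if __name__ == "__main__":
    print("insecure view, alice asks for order 2:", order_detail_insecure("alice", 2))
    try:
        order_detail("alice", 2)
    except NotFound:
        print("hardened view, alice asks for order 2: 404")
    print("bob's opaque reference for order 2:", reference_for("bob", 2))
```

Note that the indirect reference is a defence in depth, not a substitute for the ownership check: `resolve_reference` still filters on `owner`, because a reference that leaks (in a shared link or a log) must not be enough on its own.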
Prevent insecure deserialization by sanitizing XML request bodies and enforcing a strict format: validate that the body is a product element carrying an integer value, and return an HTTP error response if it is not.
Secure coding in Python Django demonstrates defending a Django web application against insecure deserialization by implementing a strict policy, validating the XML POST body, and returning the quantity as JSON.
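As an added example of the strict policy described above (this is not the course's view code), the function below accepts exactly one shape of XML body, a bare `<product>` containing a single integer `<quantity>`, and rejects everything else before any application logic runs, including DOCTYPE and ENTITY declarations, which are what entity-expansion and external-entity attacks rely on. The size and quantity limits, the 400/413 status codes and the error messages are this example's choices; the course does not state them.

```python
import json
import re
import xml.etree.ElementTree as ET

MAX_BODY_BYTES = 4096   # assumed request-size limit; the course does not state one
MAX_QUANTITY = 1000     # assumed business limit
_INTEGER = re.compile(r"[0-9]+")   # ASCII digits only; str.isdigit() would accept other scripts


def validate_product_xml(body: bytes):
    """Strict policy: accept only <product><quantity>N</quantity></product>.

    Returns (http_status, payload). Everything outside the allow-list is
    rejected, so untrusted structure never reaches the application.
    """
    if len(body) > MAX_BODY_BYTES:
        return 413, {"error": "body too large"}
    # Block DTD constructs before parsing: they enable billion-laughs and XXE payloads.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return 400, {"error": "DTD declarations are not allowed"}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return 400, {"error": "malformed XML"}
    if root.tag != "product" or root.attrib:
        return 400, {"error": "root element must be a bare <product>"}
    children = list(root)
    if len(children) != 1 or children[0].tag != "quantity" or list(children[0]):
        return 400, {"error": "product must contain exactly one <quantity>"}
    text = (children[0].text or "").strip()
    if not _INTEGER.fullmatch(text):   # rejects "", "-1", "1.5", "abc"
        return 400, {"error": "quantity must be a non-negative integer"}
    quantity = int(text)
    if not 1 <= quantity <= MAX_QUANTITY:
        return 400, {"error": f"quantity must be between 1 and {MAX_QUANTITY}"}
    return 200, {"quantity": quantity}


def handle_post(body: bytes) -> tuple:
    """What the view returns: the status code and the JSON body."""
    status, payload = validate_product_xml(body)
    return status, json.dumps(payload)


if __name__ == "__main__":
    print(handle_post(b"<product><quantity>3</quantity></product>"))
    print(handle_post(b'<!DOCTYPE p [<!ENTITY x SYSTEM "file:///etc/passwd">]>'
                      b"<product><quantity>&x;</quantity></product>"))
```

In a Django view the same function would run on `request.body` and its result would be wrapped in `JsonResponse(payload, status=status)`; the allow-list approach means a new field is a deliberate code change rather than something the parser silently accepts.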
Secure a Django web application against SQL injection by using the ORM, parameterized queries, input validation, input sanitization, stored procedures, least privilege, and up-to-date software.
Demonstrate securing the Django coffee shop app by replacing insecure raw SQL with the ORM, using Product.objects.filter with an icontains lookup. Verify the protection by restarting the container and retesting the queries.
Learn to defend a Django web app against cross-site scripting by validating inputs, encoding outputs, applying a Content Security Policy, setting HttpOnly cookies, and keeping software up to date.
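The SQL injection lesson above replaces raw SQL with an icontains filter; the example below (added here, not the course's code) shows why that works by running both versions against an in-memory SQLite table: the raw-SQL search splices the user's term into the query text, so a tautology or a UNION payload rewrites the query, while the parameterized version binds the term as data and also escapes the LIKE wildcards, which is what Django's icontains lookup compiles to. The table name `store_product`, the sample products and the payloads are this example's assumptions.

```python
import sqlite3

# Constructed product rows; the table name store_product is assumed
# (Django names tables <app>_<model>).
PRODUCTS = [("Latte", 3.5), ("Espresso", 2.0), ("Mocha", 4.0)]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE store_product (id INTEGER PRIMARY KEY, name TEXT NOT NULL, price REAL NOT NULL)")
    conn.executemany("INSERT INTO store_product (name, price) VALUES (?, ?)", PRODUCTS)
    return conn


def search_insecure(conn: sqlite3.Connection, term: str) -> list:
    """Vulnerable: the term is spliced into the SQL text, so quotes in `term` become SQL."""
    sql = f"SELECT name FROM store_product WHERE name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def escape_like(term: str) -> str:
    """Escape LIKE metacharacters so a user-typed '%' or '_' matches literally (as icontains does)."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_parameterized(conn: sqlite3.Connection, term: str) -> list:
    """Safe: the SQL text is fixed and the term travels as a bound parameter.

    This is the query shape Product.objects.filter(name__icontains=term) produces;
    SQLite's LIKE is case-insensitive for ASCII, matching the 'i' in icontains.
    """
    sql = "SELECT name FROM store_product WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, (f"%{escape_like(term)}%",))]


if __name__ == "__main__":
    db = make_db()
    for payload in ("lat", "' OR '1'='1", "' UNION SELECT sql FROM sqlite_master --", "%"):
        print(repr(payload))
        print("  raw SQL      :", search_insecure(db, payload))
        print("  parameterized:", search_parameterized(db, payload))
```

Retesting after the fix, as the lesson does, should show the same thing the script prints: the tautology and UNION payloads return every product (and the table schema) from the raw-SQL search, and nothing from the parameterized one.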
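For the cross-site scripting lesson, this added example (not the course's code) puts the three server-side defences it names side by side in plain Python: output encoding, shown as the vulnerable and hardened rendering of a user comment (Django's template autoescaping does the hardened form for you unless a value is marked safe), scheme validation for links, where encoding alone does not stop a javascript: URL, and the response headers that carry a nonce-based Content Security Policy and an HttpOnly, Secure session cookie. The cookie name, header values and markup are this example's assumptions.

```python
import html
import secrets
from urllib.parse import urlsplit


def render_comment_insecure(comment: str) -> str:
    """Vulnerable: user text is concatenated into HTML unchanged (what mark_safe or |safe would do)."""
    return f'<p class="comment">{comment}</p>'


def render_comment(comment: str) -> str:
    """Hardened: encode on output, as Django's template autoescaping does for {{ comment }}."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def safe_href(url: str):
    """Links need validation as well as encoding: 'javascript:alert(1)' survives html.escape untouched.

    Only absolute http(s) URLs are accepted (this example's policy); None means 'do not emit a link'.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    return html.escape(url.strip(), quote=True)


def new_nonce() -> str:
    """Fresh per-response nonce for inline scripts the application itself emits."""
    return secrets.token_urlsafe(16)


def security_headers(nonce: str, session_value: str) -> dict:
    """Response headers: a CSP that blocks injected inline script, and a cookie scripts cannot read."""
    return {
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'self'"
        ),
        "Set-Cookie": f"sessionid={session_value}; Path=/; HttpOnly; Secure; SameSite=Lax",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    payload = '<script>alert(document.cookie)</script>'
    print(render_comment_insecure(payload))
    print(render_comment(payload))
    print(safe_href("javascript:alert(1)"), safe_href("https://example.com/?a=1&b=2"))
    print(security_headers(new_nonce(), "opaque-session-token"))
```

In a Django project the cookie flags come from the SESSION_COOKIE_HTTPONLY and SESSION_COOKIE_SECURE settings rather than a hand-built Set-Cookie header, and the CSP header is typically added by a small middleware; the point of the example is what each defence stops, which is best seen by pasting the printed insecure line into Burp's repeater and watching the script run.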
Wraps up the secure coding in Python Django course by reviewing Django basics, the web application lab, and web application vulnerabilities and attacks, then demonstrates securing web apps with Django.
Complete the secure coding in Python Django course and apply learned best practices for writing secure Django and Python applications. Review course completion takeaways and reinforce secure coding habits.
Welcome to the course on Secure Coding in Python Django!
This course focuses on web application vulnerabilities, attacks and hacking, and on securing applications built with the Python Django framework. The approach is to learn web technologies, the basics of Python and Django, and web vulnerabilities based on the OWASP Top 10. The course consists of whiteboard discussions and many hands-on lab demonstrations. The lab includes Kali Linux as the attacker machine and target websites that we will hack.
Python Django is a popular web framework used for developing web applications. With its user-friendly syntax and efficient architecture, it has become a preferred choice for many developers. However, as the number of web-based attacks and data breaches increases, it has become increasingly important to develop applications with security in mind.
This course is designed to help you develop secure coding practices while working with Python Django. Throughout this course, you will learn about the most common security vulnerabilities that web applications face and how to protect against them. You will also learn about various security features in Django and how to use them effectively.
Whether you are a beginner or an experienced Python developer, this course will provide you with the knowledge and skills to develop secure web applications using Python Django. So, get ready to dive deep into the world of secure coding and protect your applications from potential attacks.
Target Audience
Python Programmers (Aspiring)
Web App Django Specialist
Web App Penetration Testers
Cyber Security Practitioner
Expectations
Will cover basic Python
Will cover basic HTTP
Will cover basic Django
Will cover basic web attacks
You won’t become a professional hacker
There is much more to learn beyond this course
Software Technologies
Ubuntu Server (Django)
Kali Linux Client/Attacker
Docker
Python 3.X
Main Web Applications – Coffee Shop (Django)
Testing Web Applications – PHP Hack-it Auction (LAMP)
Sections
Introduction
Secure Coding in Python Lab
Python Basics
Web Application Basics
Django Basics
Web App Vulnerabilities and Attacks
Securing Web App using Django
Completion