Protect your Django web app using essential security and authentication measures. Learn how to implement two-factor authentication, encrypt user data, and more.
Syllabus
Introduction
- Security and Django
- What you should know
- What's included in the project
- Installing the project
- Running the server
- Setting up per-object permissions in Django
- Enabling per-object permissions in Django
- Unit test for per-object permissions in Django
- Creating a group permissions model
- Unit test for access control and group permissions
- Adding activity logs for auditing
- Deleting objects in an audit/compliance-compatible way
- Using ApacheBench to simulate a flood of requests
- How to ensure actions happen only once
- Unit testing idempotent actions that should only happen once
- Using background queues to throttle floods of requests
- Unit testing background queue flood prevention
- Per-field encryption of data in Django
- Unit testing per-field encryption
- Zero knowledge encryption of data in Django
- Unit testing zero knowledge encryption
- Packaging user data for download
- Using Twilio to send an SMS code
- Confirming SMS code and enabling 2FA
- Validating 2FA login before performing actions in Django
- Unit testing 2FA login requirement for Django REST API
- Enabling CSRF tokens in Django
- Unit testing Django forms that use CSRF
- Next steps
Taught by
Rudolf Olah