Course

Skills Expanded

Secure Coding in Django 4

This course will teach you how to use and implement the OWASP ASVS standards to write code that’s secure against malicious attacks.

Preview this course

What you'll learn

Django provides a great number of functionalities that can help you keep the application and its data safe and secure. In this course, Secure Coding in Django 4, you’ll learn to write a secure application in Django that keeps the sensitive data safe and is resilient to attacks. First, you’ll explore how to properly handle authentication of users and authorization to resources. Next, you’ll discover how to sanitize and manage user input and output over TLS. Finally, you’ll learn how to harden your app by doing all the right configurations and checks to protect it from malicious code. When you’re finished with this course, you’ll have the skills and knowledge of Django and OWASP ASVS principles needed to develop an application that ensures the privacy of the users and keeps their data away from harm.

Course Overview

1min

Course Overview 2m

Secure Coding with OWASP

14mins

Course Introduction 5m
OWASP ASVS - Introduction 3m
Architecture, Design, and Threat Modeling 7m

Authentication

20mins

Authentication 4m
Demo: Setup User Authentication 5m
Demo: Good Password Practices 3m
Demo: Two-factor Authentication 3m
Demo: Password Reset 2m
Demo: Protect Against Automation Attacks 3m

Secure Sessions

18mins

Secure Sessions in Django 5m
Cookie-based Session Management 4m
Session Lifecycle 3m
Step-up Authentication 5m
Summary 1m

Access Control

12mins

Introduction to Access Control 3m
Role-based Access Control 3m
Access Control with Groups 2m
How Does CSRF Attack Work? 2m
Anti-CSRF Mechanism in Django 2m
Summary 1m

Validation, Sanitization, and Encoding

19mins

Introduction to Input Validation 4m
Validation and Sanitization of Form Data 5m
Protecting from SQL Injection Attacks 4m
Protecting from OS Injection Attacks 4m
Insecure Deserialization of Data 2m

Protecting Sensitive Data

20mins

Protecting Sensitive Data Using Django 5m
Demo: Encrypt Sensitive Data in Cookies 3m
Demo: Encrypt Sensitive Data in Database 2m
Demo: Cleanup Data from the Browser 3m
Demo: User's Privacy and Consent Workflow 3m
Demo: Sending Data in GET vs POST Requests 2m
Demo: Enforce Secure Protocols for Data in Transit 3m
Summary 1m

Error Handling and Logging

14mins

Introduction to Error Handling and Logging 4m
How to Prevent Logging Sensitive Information 3m
Obfuscating Sensitive Information 3m
Logging Security Incidents 2m
Error Handling Without Leaking Critical Information 2m
Summary 1m

Hardening Configuration to Protect against Malicious Code

24mins

Impact of Malicious Code on an App 4m
Verify Dependency Packages 3m
Detect Outdated and Vulnerable Packages 2m
Generate SRI Hashes for JS Dependencies 3m
Hardening Configuration in Production 2m
Disable Debug Features in Production 2m
Block Sensitive Information from Headers 2m
Set Appropriate Security Headers 3m
Validate HTTP Requests 2m
Summary 1m

Business Logic Security

10mins

Vulnerabilities in Business Logic 3m
Adhere to Business Logic Flows 4m
Rate Limiting on Business Actions 3m
Summary 1m

Securing Third-party Files

18mins

How Can Untrusted Files Prove Harmful? 4m
Limit the Size of File Being Uploaded 2m
Validate Filename and Scan for Virus 3m
Store Files Securely 4m
What Is a SSRF Attack? 2m
Prevent SSRF Attacks 3m
Summary 1m

API and Web Services

12mins

API and Web Services 4m
Demo: Securing APIS 5m
Demo: Validate JSON Schema 2m
Summary 2m

New Module

0mins

New Module

0mins

About the author

Sangeeta Singh

Sangeeta is a senior backend engineer with over 8 years of experience in developing highly scalable software, some of which are used by millions of users and many of the fortune 500 companies. She has worked with all sort of technology and softwares, ranging from systems programming for mission critical softwares at the RnD division of HPE, to predictive network analysis for a network at Packet Design, then leading development of critical components of Cloud backup softwares at Druva and now del... more

See more courses by Sangeeta Singh

Ready to upskill? Get started

Contact Sales

Secure Coding in Django 4

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Contact Sales

Secure Coding in Django 4

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Ready to skill up
your entire team?

Ready to skill up
your entire team?