Web Application Security with Django: A Hands-On Tutorial

Sunday 9:00am, Balboa I & II
Intermediate

About This Tutorial

XSS, SQL Injections and Improper Authorization, oh my! Between the OWASP Top 10, CSRF, stealing sessions, and DDOS attacks, have you ever felt overwhelmed or that the world of security was too complex to understand? Do you find yourself wishing that you understood what those acronyms really translate to in a live web application?

Well, if that’s you then this is the tutorial you’ve been waiting for. In this tutorial, we’ll cover essential topics in web security, including the majority of the OWASP Top 10, but we won’t be doing it in a theoretical manner. We’ll take a live, deliberately insecure web application, identify the vulnerabilities, exploit them, and finally fix them. Sound cool? It is!

Topics include the following:

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Cookies and how they can be abused
  • Why default passwords are dangerous
  • Improper authorization checking
  • Incorrect Session Management
  • SQL Injection
  • How to abuse Pickle
  • And more!

You’ll also learn next steps and we’ll provide suggested resources for continuing your security education.

While previous experience with Django is not required, it is recommended. You should have an understanding of how web applications work in general and have completed the official Django Tutorial or something substantially similar.

Photo of

Jacinda Shelly

Jacinda has been programming for over half her life and loves how special the Python and Django communities have always felt. In addition to programming, Jacinda enjoys spending time with her family, reading and learning new things, traveling the world and sharing stories with others. She has a passion for making technical topics approachable and understandable. She currently serves as the CTO at Doctor On Demand, a video-based telemedicine practice.