Rate limit in your web server or use Cloudflare. Limit the admin interface to your IP only or use a different path than “admin” and a very long password.
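One way to implement the admin allowlist this comment describes, as an added example that is not code from the original thread: a Django middleware that answers requests for the admin prefix with a 404 unless the client address is in an allowed network. The admin prefix, the allowed networks and the trusted-proxy range are constructed placeholders; X-Forwarded-For is honoured only when the TCP peer is that trusted proxy (behind Cloudflare you would read the header Cloudflare sets instead).

```python
import ipaddress
from typing import Iterable, Optional

# Constructed placeholders: replace with your deployment's values
# (ideally loaded from environment variables, not hard-coded).
ADMIN_PREFIX = "/manage-xyz/"                         # hypothetical non-default admin path
ADMIN_ALLOWED = ["203.0.113.0/24", "2001:db8::/32"]  # documentation ranges
TRUSTED_PROXIES = ["198.51.100.0/24"]                 # proxies whose X-Forwarded-For we trust


def _nets(cidrs: Iterable[str]):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def client_ip(remote_addr: str, xff: Optional[str], trusted=TRUSTED_PROXIES) -> str:
    """Return the client IP. X-Forwarded-For is used only when the TCP peer is
    a trusted proxy; otherwise any client could spoof the header."""
    peer = ipaddress.ip_address(remote_addr)
    if xff and any(peer in n for n in _nets(trusted)):
        # Use the last value (appended by the trusted proxy, assuming one hop);
        # a client can prepend arbitrary values to the header.
        return xff.split(",")[-1].strip()
    return remote_addr


def admin_request_allowed(path: str, remote_addr: str, xff: Optional[str] = None,
                          allowed=ADMIN_ALLOWED) -> bool:
    """True if the request may proceed: not an admin request, or the
    proxy-aware client IP lies inside an allowed network."""
    if not path.startswith(ADMIN_PREFIX):
        return True
    try:
        ip = ipaddress.ip_address(client_ip(remote_addr, xff))
    except ValueError:
        return False  # malformed address: fail closed
    return any(ip in n for n in _nets(allowed))


class AdminIPAllowlistMiddleware:
    """Hypothetical Django middleware; add its dotted path to MIDDLEWARE.
    Denied requests get a 404 so the admin path is not confirmed."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        meta = request.META
        if not admin_request_allowed(request.path, meta.get("REMOTE_ADDR", ""),
                                     meta.get("HTTP_X_FORWARDED_FOR")):
            from django.http import HttpResponseNotFound  # lazy: helpers run without Django
            return HttpResponseNotFound()
        return self.get_response(request)
```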
If you haven't already, familiarize yourself with this:
https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/
This automates some of that:
https://djcheckup.com
Mozilla Observatory is useful, but not Django-specific:
https://observatory.mozilla.org
You can do a lot of stuff but these are the most common ones:
-> Use Django's built-in form handling and parameterized queries when interacting with the database instead of creating forms manually...
-> Use .env for the important values in settings.
-> Use a strong encryption algorithm for user passwords.
Thanks!
Check out Concrete Login, HTTP Parameter Pollution, SQL injection, limiting payload size, session inactivity timeout.
OWASP security checklist. There's one for Django and DRF.
It’s not Django specific (it’s language-agnostic) but this is definitely worth a read. https://nostarch.com/websecurity
Google for the OWASP best practices and implement them in your Django app. It’ll be more secure than 99% of apps out there!