2021-06-04, 17:20–18:05 (Europe/Paris), Main Room
In this talk, we will focus on two aspects. First, performing penetration testing on Django web applications to identify vulnerabilities and scanning for Open Web Application Security Project (OWASP) Top 10 risks. Second, strategies and configuration settings for making the source code and Django applications secure.
Django is the most popular Python-based web framework used for creating web applications. The web applications are vulnerable for various reasons including a) configuration settings of the web applications b) lack of implementation of security best practices and secure coding and c) lack of awareness of secure first web applications among developers. The vulnerable web applications put the data of the customers at greater risk and the compromised code can lead to problems beyond control. It is very important to develop secure web applications to protect customer data and code to mitigate the risk. In this talk, we will focus on two aspects. First, performing penetration testing on Django web applications to identify vulnerabilities and scanning for Open Web Application Security Project (OWASP) Top 10 risks. Second, strategies and configuration settings for making the source code and Django applications secure. We will also discuss the Djangohunter tool to identify incorrectly configured Django applications that are exposing sensitive information.
1. Security aspects of Django web applications (03 minutes)
2. Penetration testing of Django web applications (07 Minutes)
3. Overview of OWASP Top 10 risks (07 Minutes)
4. Djangohunter tool demonstration (06 Minutes)
5. Strategies and configuration settings to make Django Application secure (07 Minutes)
I hold Post Graduate Diploma in Cyber Laws and Cyber Forensics from the National Law School of India University Bangalore. I have presented talks at many conferences including PyData Global, JuliaCon 2018 and 2020, PyCon FR/HK/TW/ID/TZ/AU, COSCUP Taiwan, FOSDEM 2021, FOSSASIA 2021, PyCon Africa, BuzzConf, EuroPython, PiterPy Russia, SciPy India. Worked as a Reviewer and Program Committee member for reputed International conferences including SciPy USA, SciPy Japan, JuliaCon, JupyterCon, PyData Global, and PyCon India, and publishers include Manning USA and Oxford Univesity Press. I am also a GitHub Certified Campus Advisor. I lead the PyData Belagavi chapter and the OWASP Belagavi chapter. I am working as CFP Co-Chair for PyCon India 2021.