In this part we will make the Django project ready for deployment.
Ensure that your web application is secure and ready for deployment.
Web application security is the practice of shielding websites and online services from the threats that leave an application exposed. It is essential for protecting your users' data from a malicious actor who intends to read, steal or tamper with it.
Security setup
Please, please, please never deploy your application with DEBUG = True. Ensure that DEBUG is set to False. If you don't, Django's debug error page will show anyone who can trigger an exception the full traceback with the values of local variables, the request metadata (which includes the process environment), and your settings. Django masks settings whose names contain words like SECRET, KEY, PASSWORD or TOKEN, but everything else is shown in the clear. Note that once DEBUG is False, Django refuses requests whose Host header is not listed in ALLOWED_HOSTS, so fill that in at the same time or your site will answer every request with a 400.
# settings.py
DEBUG = False
The next important step is to run the command below in your terminal. Django will print every deployment-related check that fails for your current settings, each with an identifier such as security.W018 (DEBUG is True) or security.W020 (ALLOWED_HOSTS is empty). This gives you a quick breakdown of the major issues that need your attention before you go through with deployment. For those of you who like to get ahead early in the game, look those identifiers up in the Django system check documentation.
python manage.py check --deploy
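To make the output of check --deploy concrete, here is an added example (not Django's own code) that applies the same kind of checks to a plain dictionary of settings, so it runs without Django installed. The warning IDs mirror the ones Django's security checks report; confirm the exact set against the docs for your Django version. The final check, tagged hsts.preload-requirements, is this example's own addition and is not something Django reports. Both settings dictionaries are constructed for the demo, and the hardened SECRET_KEY is a placeholder with the right shape, not a key to reuse.

```python
"""Deployment checker modelled on `python manage.py check --deploy`.

Added example, not Django's own code: it evaluates a plain dict of
settings so it runs without Django installed. The security.W0xx IDs
mirror Django's security checks; hsts.preload-requirements is this
example's own addition.
"""

HSTS_ONE_YEAR = 31536000

# Constructed settings: what `startproject` leaves you with, before any
# of the changes described in this article.
INSECURE_SETTINGS = {
    "DEBUG": True,
    "SECRET_KEY": "django-insecure-abc123",
    "ALLOWED_HOSTS": [],
    "SECURE_SSL_REDIRECT": False,
    "SECURE_HSTS_SECONDS": 0,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": False,
    "SECURE_HSTS_PRELOAD": False,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
}

# Constructed settings after hardening. The key is a placeholder with
# the right shape (50+ characters, 5+ distinct); generate a real one.
HARDENED_SETTINGS = {
    "DEBUG": False,
    "SECRET_KEY": "example-placeholder-only-" + "0123456789abcdef" * 2,
    "ALLOWED_HOSTS": ["www.yourwebsite.com"],
    "SECURE_SSL_REDIRECT": True,
    "SECURE_HSTS_SECONDS": HSTS_ONE_YEAR,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
    "SECURE_HSTS_PRELOAD": True,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
}


def deployment_warnings(settings):
    """Return (id, message) pairs for every deployment problem found."""
    get = settings.get
    found = []

    if get("DEBUG"):
        found.append(("security.W018", "DEBUG must be False in deployment."))

    key = get("SECRET_KEY") or ""
    if (len(key) < 50 or len(set(key)) < 5
            or key.startswith("django-insecure-")):
        found.append(("security.W009", "SECRET_KEY is too short, too "
                      "repetitive, or the startproject placeholder."))

    if not get("ALLOWED_HOSTS"):
        found.append(("security.W020", "ALLOWED_HOSTS must not be empty."))

    if not get("SECURE_SSL_REDIRECT"):
        found.append(("security.W008", "SECURE_SSL_REDIRECT is not True."))

    hsts = get("SECURE_HSTS_SECONDS") or 0
    if hsts <= 0:
        found.append(("security.W004", "SECURE_HSTS_SECONDS is not set."))
    else:
        if not get("SECURE_HSTS_INCLUDE_SUBDOMAINS"):
            found.append(("security.W005",
                          "SECURE_HSTS_INCLUDE_SUBDOMAINS is not True."))
        if not get("SECURE_HSTS_PRELOAD"):
            found.append(("security.W021", "SECURE_HSTS_PRELOAD is not True."))
        elif hsts < HSTS_ONE_YEAR or not get("SECURE_HSTS_INCLUDE_SUBDOMAINS"):
            # Not a Django check: hstspreload.org rejects submissions with
            # max-age under one year or without includeSubDomains.
            found.append(("hsts.preload-requirements",
                          "preload is sent but the preload list would "
                          "reject this domain."))

    if not get("SESSION_COOKIE_SECURE"):
        found.append(("security.W012", "SESSION_COOKIE_SECURE is not True."))
    if not get("CSRF_COOKIE_SECURE"):
        found.append(("security.W016", "CSRF_COOKIE_SECURE is not True."))
    return found


def warning_ids(settings):
    """Just the identifiers, in the order the checks run."""
    return [wid for wid, _ in deployment_warnings(settings)]


if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE_SETTINGS),
                      ("hardened", HARDENED_SETTINGS)):
        print(f"{name}: {len(deployment_warnings(cfg))} warning(s)")
        for wid, msg in deployment_warnings(cfg):
            print(f"  {wid}: {msg}")
```

Running it prints seven warnings for the fresh-project settings and none for the hardened ones; setting SECURE_HSTS_PRELOAD to True with a one-day max-age trips only the extra preload check, which is exactly the trap the HSTS section below warns about.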
Cross-site scripting (XSS) attacks involve an attacker injecting a malicious script into pages your application serves to other users. A successful XSS attack can steal session cookies, perform actions as the victim, or capture whatever the victim types. Your main defence in Django is the template engine's automatic HTML escaping: keep it on, and treat every use of mark_safe, the |safe filter or {% autoescape off %} as something to review. The two settings below add browser-side headers as defence in depth, but know their status: SECURE_CONTENT_TYPE_NOSNIFF (X-Content-Type-Options: nosniff, which stops the browser from guessing that an uploaded file is a script) has defaulted to True since Django 3.0, and SECURE_BROWSER_XSS_FILTER (X-XSS-Protection) is obsolete, since modern browsers dropped that filter and Django removed the setting in 4.0. Leave the first line out on a current Django.
# settings.py
SECURE_BROWSER_XSS_FILTER = True  # Django < 4.0 only; ignored by current browsers
SECURE_CONTENT_TYPE_NOSNIFF = True
The setting below makes SecurityMiddleware redirect every non-HTTPS request to HTTPS. If your app sits behind a reverse proxy or load balancer that terminates TLS, also tell Django how to recognise a forwarded HTTPS request (SECURE_PROXY_SSL_HEADER), otherwise every request looks like plain HTTP to Django and you get a redirect loop.
# settings.py
SECURE_SSL_REDIRECT = True
Anyone familiar with Django knows that the admin lives at www.yourwebsite.com/admin/, so bots will hammer that URL with credential-stuffing attempts. Moving it to a unique path cuts that noise and keeps you out of opportunistic scans, but it is obscurity, not access control: it does nothing against someone who discovers the path. Still enforce strong passwords for staff accounts, add multi-factor authentication, and consider an IP allowlist or rate limiting for the admin at your proxy.
# urls.py
from django.contrib import admin
from django.urls import path

urlpatterns = [
    path('secret-admin/', admin.site.urls),  # Updated
]
HTTP Strict Transport Security (HSTS) tells a browser that has visited your site once to use HTTPS only for that host for the given number of seconds, so a later attempt to downgrade the connection to plain HTTP (the classic man-in-the-middle trick) fails inside the browser before any request leaves it. It cannot protect the very first visit, which is what the preload list is for. Start with a short max-age like the one below while you confirm that everything, subdomains included, works over HTTPS, then raise it to a year; a wrong value is cached by every visitor's browser until it expires. SECURE_HSTS_PRELOAD only adds the preload directive to the header. To actually get onto the browser preload list you must submit the domain at hstspreload.org, which requires SECURE_HSTS_INCLUDE_SUBDOMAINS = True and a max-age of at least one year (31536000), so the 86400 below would be rejected until you raise it.
# settings.py
SECURE_HSTS_SECONDS = 86400  # one day while testing; raise to 31536000 before preloading
SECURE_HSTS_PRELOAD = True
The Secure flag on a cookie tells the browser never to send it over plain HTTP, so the two settings below keep your session cookie and your CSRF cookie off the wire in clear text even if a user types an http:// URL. Django's CSRF protection works with or without them, but a session cookie leaked over HTTP lets an attacker hijack the session outright, so set both once HTTPS is in place. They break login over plain HTTP, which in production is what you want.
Be sure that HTTPS is set up, then add the following lines:
# settings.py
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
Your settings.py file will be full of sensitive values: SECRET_KEY, database credentials, API keys. Keep them out of the file and out of version control by reading them from the environment or from a .env file that is never committed. python-decouple is a popular helper for this: its config() call reads a value, applies a default, and casts strings to real types, which matters because bool("False") is True and a DEBUG flag read naively from a .env file stays on.
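The following is an added example of that pattern, not the article's code and not python-decouple's: it reads from a plain dictionary (os.environ by default) so it runs offline, and does the casting and validation that a naive os.environ.get would skip. The DJANGO_* variable names, the ImproperlyConfigured class and the sample environment are this example's own choices; with python-decouple you would swap the env_* helpers for config(name, default=..., cast=...).

```python
"""Security-relevant Django settings sourced from the environment.

Added example, not the article's code and not python-decouple's. It
reads from a plain dict (os.environ by default) so it runs offline;
the DJANGO_* variable names are this example's own convention.
"""
import os


class ImproperlyConfigured(Exception):
    """Raised when a required value is missing or cannot be parsed."""


def env_bool(env, name, default=False):
    """Parse "true"/"false"-style strings and reject anything else loudly.

    bool("False") is True, which is how DEBUG=False in a .env file
    silently becomes DEBUG=True in production if you do not cast.
    """
    raw = env.get(name)
    if raw is None:
        return default
    value = raw.strip().lower()
    if value in {"1", "true", "yes", "on"}:
        return True
    if value in {"0", "false", "no", "off", ""}:
        return False
    raise ImproperlyConfigured(f"{name}={raw!r} is not a boolean")


def env_int(env, name, default):
    raw = env.get(name)
    if raw is None:
        return default
    try:
        return int(raw)
    except ValueError:
        raise ImproperlyConfigured(f"{name}={raw!r} is not an integer") from None


def env_list(env, name):
    """Comma-separated list, e.g. DJANGO_ALLOWED_HOSTS=a.example,b.example."""
    raw = env.get(name, "")
    return [item.strip() for item in raw.split(",") if item.strip()]


def env_required(env, name):
    value = env.get(name)
    if not value:
        raise ImproperlyConfigured(f"{name} must be set in the environment")
    return value


def build_settings(env=None):
    """Return the security-relevant settings derived from `env`.

    Everything that must only be on in production is keyed off DEBUG,
    so one forgotten flag cannot leave the site half-hardened.
    """
    env = os.environ if env is None else env
    debug = env_bool(env, "DJANGO_DEBUG", default=False)
    secret_key = env_required(env, "DJANGO_SECRET_KEY")
    if secret_key.startswith("django-insecure-"):
        raise ImproperlyConfigured("DJANGO_SECRET_KEY is the startproject placeholder")
    allowed_hosts = env_list(env, "DJANGO_ALLOWED_HOSTS")
    if not debug and not allowed_hosts:
        raise ImproperlyConfigured("DJANGO_ALLOWED_HOSTS must be set when DEBUG is False")
    production = not debug
    return {
        "DEBUG": debug,
        "SECRET_KEY": secret_key,
        "ALLOWED_HOSTS": allowed_hosts,
        "SECURE_SSL_REDIRECT": production,
        "SESSION_COOKIE_SECURE": production,
        "CSRF_COOKIE_SECURE": production,
        "SECURE_HSTS_SECONDS": env_int(env, "DJANGO_HSTS_SECONDS", 0) if production else 0,
    }


def configuration_error(env):
    """Return the ImproperlyConfigured message for `env`, or None if it is valid."""
    try:
        build_settings(env)
    except ImproperlyConfigured as exc:
        return str(exc)
    return None


# Constructed environment standing in for a production .env file.
# The key is a placeholder with a plausible shape, not one to reuse.
SAMPLE_ENV = {
    "DJANGO_DEBUG": "False",
    "DJANGO_SECRET_KEY": "example-placeholder-only-" + "0123456789abcdef" * 2,
    "DJANGO_ALLOWED_HOSTS": "www.yourwebsite.com, yourwebsite.com",
    "DJANGO_HSTS_SECONDS": "86400",
}

if __name__ == "__main__":
    for key, value in build_settings(SAMPLE_ENV).items():
        shown = "<redacted>" if key == "SECRET_KEY" else value
        print(f"{key} = {shown!r}")
```

In settings.py you would end the file with something like settings.update(build_settings()) or unpack the returned dict into module-level names; the important property is that a missing or malformed value fails at startup with a clear message instead of shipping an insecure default.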
A content security policy (CSP) tells the browser which origins it may load scripts, styles, frames and other resources from, so a script injected from somewhere else is refused even when an XSS bug gets it onto the page, and its frame-ancestors directive stops clickjacking. Applications with a lot of inline scripts and styles are the hardest to lock down, not the easiest: a strict policy blocks inline code unless each snippet carries a per-request nonce or has its hash listed, so budget time for that cleanup. Django has no CSP setting in the versions this guide targets; the django-csp middleware is the usual way to add the header and exposes the nonce to templates. Be sure to read up on CSP.
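To show what a nonce-based policy looks like in practice, here is an added example, not the article's code and not django-csp's. It is written as plain WSGI middleware so it runs without Django installed; a Django middleware would build the same header in its __call__ and hang the nonce on the request object. The directive list is this example's own choice of a strict starting policy, and the demo view and in-process request driver are constructed for the example.

```python
"""Per-request nonce CSP as a WSGI middleware.

Added example, not the article's code and not django-csp's. Plain WSGI
so it runs without Django; the policy below is this example's choice.
"""
import secrets


def build_csp(nonce):
    """Strict policy: own origin only, inline code only when it carries `nonce`."""
    directives = [
        ("default-src", "'self'"),
        ("script-src", f"'self' 'nonce-{nonce}'"),
        ("style-src", f"'self' 'nonce-{nonce}'"),
        ("img-src", "'self' data:"),
        ("object-src", "'none'"),       # no plugins
        ("base-uri", "'self'"),         # no <base> hijacking of relative URLs
        ("form-action", "'self'"),      # forms may only submit to us
        ("frame-ancestors", "'none'"),  # clickjacking: nobody may frame us
    ]
    return "; ".join(f"{name} {value}" for name, value in directives)


def nonce_from_csp(header):
    """Pull the nonce back out of a policy string."""
    return header.split("'nonce-", 1)[1].split("'", 1)[0]


class CSPMiddleware:
    """Mint a fresh nonce per request and send the policy on every response."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        nonce = secrets.token_urlsafe(16)
        environ["csp.nonce"] = nonce  # the view reads this to tag legitimate inline code

        def start_response_with_csp(status, headers, exc_info=None):
            headers = [h for h in headers
                       if h[0].lower() != "content-security-policy"]
            headers.append(("Content-Security-Policy", build_csp(nonce)))
            return start_response(status, headers, exc_info)

        return self.app(environ, start_response_with_csp)


def demo_app(environ, start_response):
    """Constructed view: one legitimate inline script, one injected one."""
    nonce = environ["csp.nonce"]
    page = (
        "<!doctype html><title>demo</title>"
        f'<script nonce="{nonce}">console.log("runs: carries the nonce")</script>'
        '<script>alert("blocked: no nonce, e.g. injected via XSS")</script>'
    )
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [page.encode()]


def run_request(app, path="/"):
    """Minimal in-process WSGI driver so this runs without a server."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured["status"], captured["headers"], body.decode()


def verify_demo():
    """Run two requests and report what a tester would want to know."""
    status, headers, body = run_request(CSPMiddleware(demo_app))
    policy = headers["Content-Security-Policy"]
    nonce = nonce_from_csp(policy)
    second = nonce_from_csp(run_request(CSPMiddleware(demo_app))[1]["Content-Security-Policy"])
    return {
        "status": status,
        "nonce_in_body": f'nonce="{nonce}"' in body,
        "nonce_rotates": nonce != second,
        "frames_denied": "frame-ancestors 'none'" in policy,
    }


if __name__ == "__main__":
    status, headers, body = run_request(CSPMiddleware(demo_app))
    print(headers["Content-Security-Policy"])
    print(body)
```

With this header in place the browser executes the first script, whose nonce matches the one in the policy, and refuses the second, which is what an attacker's injected tag would look like. The nonce must be unpredictable and fresh per response, which is why it comes from secrets and is regenerated on every call rather than stored in settings.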
Once you have deployed your application, run it through Mozilla's HTTP Observatory (originally at observatory.mozilla.org, now hosted on MDN). It fetches your site and grades the response headers, cookie flags, HTTPS redirect and CSP, then gives you a breakdown of what is good and what needs to be improved, as well as an overall score, just like when you received that 'amazing' math test back in high school.