In this article I'll discuss my recent web development work with Django. If you're new to this website, here is a short introduction.
HackBotOne is a blogging platform. The idea behind it is to publish content on Application Security and Software Development (application development, security tools, bug bounty write-ups, open-source projects and more) that can be helpful to those with an interest and passion in these areas.
Over the past couple of months I reviewed the old HackbotOne website, which I built with the MERN stack a few years ago, and found many gaps in its design, technology stack and security protection. So I decided to rebuild the site from scratch with a new architecture, and this time I chose Django as the technology stack. Why did I switch from the MERN stack to Django?
Let me explain briefly.
In full-stack web development Django has gained a lot of popularity in the industry. Thanks to its design goals (rapid development, clean design and secure defaults), large products, Instagram among them, run on the Django web framework. The framework comes with a toolkit that saves developers a lot of time and lets them reuse the same components in every project, so developers spend their time only on the modules that are unique to the application. Django is free and open source, with a large community that helps developers build web applications faster and more securely and contribute back to the open-source ecosystem.
Now I'll explain the parts of Django's architecture that I found important for building a full-stack web application efficiently:
- Django Security Protection
- How does Django provide security protection?
- What is the Django MVT (Model View Template) design pattern?
Django Security Protection
Web application security is essential in every web development project to reduce the risk to the application. So before rebuilding this website, my main concern was the security features that would let me maintain the site efficiently and securely. Many web frameworks are available for building a full-stack web application, but not every framework provides security protection by default. In my research I found that Django has an excellent reputation for protecting web applications from common vulnerabilities, because much of that protection is enabled out of the box.
Django ships with built-in security features and middleware that address several of the OWASP Top 10 risk categories.
Security in Django
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Clickjacking protection
- Host header validation
- Referrer policy
- Session security
- User-uploaded content
The Django security documentation notes that, although the framework provides good protection, it is still the developer's responsibility to follow some basic guidelines when deploying the application to production, for example running manage.py check --deploy and reviewing every warning it reports.
Please refer to the Django security documentation for more information.
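Host header validation is the item in the list above that is most often misconfigured, because an ALLOWED_HOSTS of ["*"] silently switches it off and lets an attacker choose the hostname that ends up in password-reset links and cached pages. The example below is a simplified re-implementation, written for this article and not Django's own code, of the matching that Django's HttpRequest.get_host() performs against ALLOWED_HOSTS: the header is lowercased, the port and a trailing dot are stripped, and a pattern starting with a dot matches the domain itself and any subdomain. The sample Host values are constructed for the demo.

```python
import re

# Simplified re-implementation of Django's Host-header check (django.http.request),
# added for illustration; it is not Django's own code.

# Django accepts a hostname, an IPv4 address or a bracketed IPv6 literal,
# each optionally followed by a port. Anything else (a path, a space) is rejected.
HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9:.]+\])(?::[0-9]+)?$")


def split_domain_port(host):
    """Return (domain, port) for a Host header value, or ("", "") if it is malformed."""
    host = host.lower()
    if not HOST_RE.match(host):
        return "", ""
    if host[-1] == "]":  # bare IPv6 literal without a port
        return host, ""
    bits = host.rsplit(":", 1)
    domain, port = bits if len(bits) == 2 else (bits[0], "")
    # "hackbotone.com." is a legal FQDN spelling; strip the dot so it cannot bypass the list.
    domain = domain[:-1] if domain.endswith(".") else domain
    return domain, port


def is_same_domain(host, pattern):
    """Exact match, or, for a pattern starting with ".", the domain itself or any subdomain."""
    if not pattern:
        return False
    pattern = pattern.lower()
    if pattern[0] == ".":
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def host_is_allowed(host_header, allowed_hosts):
    """True if the Host header value is acceptable under the given ALLOWED_HOSTS."""
    domain, _port = split_domain_port(host_header)
    if not domain:
        return False
    # "*" disables the check entirely, which is why it must never reach production.
    return any(pattern == "*" or is_same_domain(domain, pattern) for pattern in allowed_hosts)


if __name__ == "__main__":
    allowed = [".hackbotone.com"]  # the site domain and all its subdomains
    for header in ["hackbotone.com", "api.hackbotone.com:443", "HackBotOne.COM.",
                   "hackbotone.com.evil.com", "evil.com", "hackbotone.com/evil"]:
        print(f"{header!r:30} -> {host_is_allowed(header, allowed)}")
```

Note that "hackbotone.com.evil.com" is rejected even though it contains the site name: the dot pattern only matches a suffix, which is the property a substring or regex check written by hand frequently gets wrong.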
How does Django provide security protection within the framework?
To handle common vulnerabilities, Django provides built-in security middleware. It is enabled through the MIDDLEWARE setting in the settings.py file of every Django project, and its behaviour is tuned by the SECURE_*, SESSION_* and CSRF_* settings in the same file.
Each middleware works like a plugin that hooks into request and response processing to handle one class of vulnerability. Django also lets you write custom middleware, which is a great way to add your own security plugins, for example to set an additional response header on every response.
Please refer to Django official security middleware documentation for more information.
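The settings.py excerpt below, added here as an example rather than taken from the HackbotOne repositories, shows the MIDDLEWARE list with the security-relevant entries in the order Django recommends, the settings that SecurityMiddleware and the cookie handling read, and a small custom middleware written to Django's middleware protocol. The module path myproject.middleware, the Permissions-Policy value and the FakeResponse class are assumptions made for the demo; the FakeResponse stand-in exists only so the middleware can be run here without a Django project.

```python
# Added example: a hardened settings.py excerpt and a custom security middleware.
# Not the HackbotOne project's own settings; "myproject" is a placeholder.

# --- settings.py (excerpt) ---------------------------------------------------
# Order matters: SecurityMiddleware sits at the top so its redirect and headers
# apply to every response; the custom middleware runs last.
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "myproject.middleware.PermissionsPolicyMiddleware",  # hypothetical, defined below
]

# Host header validation: a leading dot covers the domain and its subdomains.
# ["*"] disables the check and must never be used in production.
ALLOWED_HOSTS = [".hackbotone.com"]

# Read by SecurityMiddleware.
SECURE_SSL_REDIRECT = True            # redirect plain HTTP to HTTPS
SECURE_HSTS_SECONDS = 31536000        # Strict-Transport-Security for one year
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SECURE_CONTENT_TYPE_NOSNIFF = True    # X-Content-Type-Options: nosniff
SECURE_REFERRER_POLICY = "same-origin"

# Read by XFrameOptionsMiddleware (clickjacking).
X_FRAME_OPTIONS = "DENY"

# Cookies only over HTTPS; the session cookie is not readable from JavaScript.
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
CSRF_COOKIE_SECURE = True


# --- myproject/middleware.py -------------------------------------------------
class PermissionsPolicyMiddleware:
    """Add a Permissions-Policy header to every response that does not set one itself.

    Django's middleware protocol: the class is constructed with get_response and,
    when called with a request, calls get_response to obtain the next layer's
    response, then may modify it before returning it.
    """

    HEADER = "Permissions-Policy"
    POLICY = "camera=(), microphone=(), geolocation=()"  # illustrative policy

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        # django.http.HttpResponse supports "name in response" and item assignment.
        # A view that already set its own policy keeps it.
        if self.HEADER not in response:
            response[self.HEADER] = self.POLICY
        return response


# --- constructed stand-in so the middleware can run here without Django -------
class FakeResponse(dict):
    """Only the header-mapping behaviour the middleware relies on; not an HttpResponse."""


def run_middleware(headers=None):
    """Run the middleware over a constructed response with the given headers and return it."""
    middleware = PermissionsPolicyMiddleware(lambda request: FakeResponse(headers or {}))
    return middleware(request=None)


if __name__ == "__main__":
    print(dict(run_middleware()))
    print(dict(run_middleware({"Permissions-Policy": "camera=(self)"})))
```

After changing these settings, run python manage.py check --deploy against the production settings module; it reports the SECURE_*, SESSION_* and CSRF_* values that are still at their insecure defaults.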
What is the Django MVT (Model View Template) design pattern?
The software design pattern matters in every software development project, and Django follows the MVT (Model View Template) pattern in every web application project.
A model is a class that subclasses django.db.models.Model, and Django uses these models to create the tables in the database. Each model maps to a single database table and acts as an interface that hides the complexity of database queries; each attribute of the model represents a database field.
In the example below, Blog is a model class with 15 fields defined as class attributes, each mapping to a database column.
Django's database engine maps the model above to a table like the one below.
Please refer to Django official documentation of Models for further understanding.
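Because the model is the only interface to the table, the ORM also decides how user input reaches the database: Blog.objects.filter(...) always binds values as parameters, which is the SQL injection protection listed earlier. The protection is lost the moment you format user input into a raw query string yourself. The example below, added for this article and not part of the HackbotOne code, shows the vulnerable and the safe form side by side. It uses the standard-library sqlite3 module instead of Django so it runs without a project; the table name blog_blog follows Django's app_model naming for a hypothetical Blog model with title and published columns, and the rows and the payload are constructed.

```python
import sqlite3

# Added example, not code from the HackbotOne project. Uses sqlite3 from the
# standard library so it runs without Django; blog_blog stands in for the table
# Django would create for a hypothetical Blog model in an app named "blog".


def make_db():
    """Create an in-memory table with constructed sample rows, one of them unpublished."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE blog_blog (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO blog_blog (title, published) VALUES (?, ?)",
        [("Django security", 1), ("Unpublished draft", 0)],
    )
    return conn


def search_vulnerable(conn, term):
    """Builds the SQL with string formatting: the caller now controls part of the query.

    This is what happens with Blog.objects.raw(f"... '{term}'") or a cursor.execute()
    on a formatted string.
    """
    sql = (
        "SELECT title FROM blog_blog "
        f"WHERE published = 1 AND title LIKE '%{term}%' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Passes the value as a bound parameter, so it can only ever be data.

    This is what the ORM does for Blog.objects.filter(published=True,
    title__icontains=term), and what Blog.objects.raw(sql, params) and
    cursor.execute(sql, params) require of you. Django's database backends use
    %s placeholders; the stdlib sqlite3 module used here uses ?.
    """
    sql = "SELECT title FROM blog_blog WHERE published = 1 AND title LIKE ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 OR '"  # constructed injection string
    print(search_vulnerable(db, payload))  # the unpublished draft leaks
    print(search_safe(db, payload))        # no title contains the literal payload
```

With the payload, the vulnerable query becomes "... AND title LIKE '%' OR 1=1 OR '%' ...", which is true for every row regardless of the published flag; the safe query looks for a title containing the literal string and finds nothing.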
Django views are the essential components of every web application: a view takes a web request and returns a web response. The response can be anything, such as an HTML page or a redirect to another page.
The Django official documentation says:
When a page is requested, Django creates an HttpRequest object that contains metadata about the request. Then Django loads the appropriate view, passing the HttpRequest as the first argument to the view function. Each view is responsible for returning an HttpResponse object.
Let's go through the example code above line by line.
- First, we import the render function, which returns an HttpResponse object.
- Second, we define an index function that takes a request argument, which is an HttpRequest object.
- Third, index is a view function: it returns the HttpResponse object.
Please refer to the Django official documentation on view functions for further understanding.
The Django template system is configured in settings.py through the TEMPLATES setting, which contains options such as the DIRS list of template directories. Templates autoescape variables by default, which is where Django's cross-site scripting protection lives, so avoid the safe filter and mark_safe on anything derived from user input.
Please refer to the Django official documentation on Templates for further understanding.
Django is a well-structured, high-level Python web framework that provides a complete suite for full-stack web development and lets you build a website faster, more securely and more scalably, which is why I chose it to rebuild the HackbotOne website.
The HackbotOne microservices are built with django-rest-framework, and there are three different services that store and retrieve the data.
The admin panel controls all three microservices and stores data in a PostgreSQL database. To retrieve the records for the three microservices, api.hackbotone.com connects to the database and returns results for each endpoint, and all of these endpoints are publicly accessible over the internet.
I have made the complete development open source on my GitHub, and if you're interested in Django development I believe the hackbotone project will be helpful for your own work. I highly encourage you to clone both of the repositories below, and if you find any issues or have any ideas, feel free to raise an issue.
I hope you found this article helpful. Please share it on your social media or developer communities so others can benefit from it.