DJANGO AS SECURE WEB-FRAMEWORK IN PRACTICE

Abstract

. Today information security has become one of the most important parts of our social media life. Social and media resources are based on web-services in the cloud. It means security of web-services is the equality of people’s social, media, data and information security. In this paper the most important focus was on special secure techniques and tools inside the most popular web-framework on Python programming language - Django. Django has several really strong design patterns and techniques with special tools to store and send user’s data in very secure methods. Developer can easily install in Django-application some new extra instruments, tools and special libraries to make web-application more securable. Django has such extremely useful instruments like Django-ORM, CSRF-tokens, XSS-protection and so many else. For example, Django-ORM (Object-Relational Mapping) is a really powerful instrument to be used for protection of such attacks like SQL-injections. One more instance, CSRF-token (Cross-site request forgery - token) is really amazing internal Django's tool against cross-site request forgery attacks that Django uses in html-templates. The best practice and good examples of these tools are shown inside this paper. Moreover, in the paper were demonstrated comparison of different attack cases and their deep analysis with protection methods from these attacks by Django's tools and techniques. One more thing, we also briefly reviewed other types of vulnerabilities and methods of protection against them and hope this article has given an understanding of the Django security techniques. Finally, Django could become more securable after each next version.