Skip to main content
HashnodeDEV + APPSEC

Command Palette

Search for a command to run...

Day 1: Building My Django Chat App (And Why I’m Already Breaking It)

Updated
2 min read
H
hari
Part of series30-days Django plus Appsec

Hey everyone! 👋

Today marks Day 1 of my 30-day Django + AppSec challenge. I’m building a real-time chat app while learning to break it (yes, I’m my own hacker!). Here’s what I did today — no fluff, just honest progress.

🛠️ What I Built Today

  1. Setup Django Project

    • Installed Django and created a project called chat_project.

    • Added a chat app and defined two models:

      • Room: For chat rooms (e.g., "General", "Python Help").

      • Message: Stores chat messages with timestamps.

  2. Admin Panel Setup

    • Created a superuser

    • Registered models in the admin panel.

🔍 Security Audit: Why I’m Already Breaking My Own App

I know what you’re thinking: "Why break your app on Day 1?"
Because security starts at the foundation . Here’s what I checked:

1. Insecure DEBUG Setting

  • Found DEBUG = True in settings.py.

  • Why it’s bad : Exposes sensitive info (like database queries) in production.

  • Fixed it : Moved DEBUG and SECRET_KEY to environment variables.

2. Predictable Admin URL

  • Default Django admin URL is /admin.

  • Why it’s bad : Easy target for attackers.

  • Fixed it : Changed to /my-secret-admin/ in urls.py.

.

🕵️ Used grep to Hunt for Security Risks

I learned this trick from a TryHackMe lab: Use grep to search for hardcoded secrets or debug settings.

💡 Lessons Learned (and Mistakes Made)

  1. Hardcoded Secrets Are Evil

    • Initially left SECRET_KEY in settings.py.

    • Now using environment variables (thanks to a quick Google search).

📅 What’s Next?

Tomorrow:

  • Add user authentication (login/register).

  • Test for SQL injection vulnerabilities using SQLMap.

  • Deploy to Render/Railway.

👋 Final Thoughts

Day 1 was all about laying the groundwork — both for the app and its security. I’m already breaking my own code to learn how to fix it, and I’m excited to see how this evolves.

If you’re learning Django or AppSec, start small, break things, and document everything . Trust me, it works!

🔗 GitHub Repo

github.com/h4tz/CHAT_APP

💬 Join the Discussion

  • Have you ever broken your own app on Day 1?

  • What’s your go-to tool for security audits?

Drop your thoughts below! 👇

#Django #AppSec #OWASPTop10 #Security #DevSecOps #Python #RedTeaming #BugBounty #Hashnode

#django#owasptop10#security#devsecops#python#redteaming

Comments

Join the discussion

No comments yet. Be the first to comment.

30-days Django plus Appsec

Part 1 of 4
Up next

Day 2: Securing Django Admin & Scanning Ports with nmap

Building a Secure Chat App – From Setup to Security Checks Welcome back! 🚀Today is Day 2 of my 30-day Django + AppSec challenge . My goal is to build a secure real-time chat app while learning cybersecurity skills like red teaming , tool usage , and...

More from this blog

DEV + APPSEC

4 posts

trying to develop webapps and break it