Day 1: Building My Django Chat App (And Why I’m Already Breaking It)

hari

Hey everyone! 👋

Today marks Day 1 of my 30-day Django + AppSec challenge. I’m building a real-time chat app while learning to break it (yes, I’m my own hacker!). Here’s what I did today — no fluff, just honest progress.


🛠️ What I Built Today

  1. Setup Django Project

    • Installed Django and created a project called chat_project.

    • Added a chat app and defined two models:

      • Room: For chat rooms (e.g., "General", "Python Help").

      • Message: Stores chat messages with timestamps.

  2. Admin Panel Setup

    • Created a superuser

    • Registered models in the admin panel.


🔍 Security Audit: Why I’m Already Breaking My Own App

I know what you’re thinking: "Why break your app on Day 1?"
Because security starts at the foundation. Here’s what I checked:

1. Insecure DEBUG Setting

  • Found DEBUG = True in settings.py.

  • Why it’s bad: Exposes sensitive info (like database queries) in production.

  • Fixed it: Moved DEBUG and SECRET_KEY to environment variables.

2. Predictable Admin URL

  • Default Django admin URL is /admin.

  • Why it’s bad: Easy target for attackers.

  • Fixed it: Changed to /my-secret-admin/ in urls.py.



🕵️ Used grep to Hunt for Security Risks

I learned this trick from a TryHackMe lab: Use grep to search for hardcoded secrets or debug settings.


💡 Lessons Learned (and Mistakes Made)

  1. Hardcoded Secrets Are Evil

    • Initially left SECRET_KEY in settings.py.

    • Now using environment variables (thanks to a quick Google search).
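Here is one way to do the DEBUG/SECRET_KEY move described in the audit section and in this lesson, as an added example that fails closed instead of silently running in debug mode. It is not the settings.py from the repo; the helper names (env_bool, load_security_settings), the DJANGO_DEBUG/DJANGO_SECRET_KEY variable names and the InsecureSettings exception are my assumptions, while the 50-character minimum and the "django-insecure-" prefix match what Django's own security checks flag.

```python
import os

# Constructed helpers for settings.py (not the post's repo code).
TRUE_VALUES = {"1", "true", "yes", "on"}
FALSE_VALUES = {"0", "false", "no", "off", ""}


class InsecureSettings(Exception):
    """Raised when the environment would yield an unsafe Django configuration."""


def env_bool(env, name, default=False):
    """Parse a boolean env var strictly: unknown values are an error, never True."""
    raw = env.get(name)
    if raw is None:
        return default
    value = raw.strip().lower()
    if value in TRUE_VALUES:
        return True
    if value in FALSE_VALUES:
        return False
    raise InsecureSettings(f"{name} must be a boolean, got {raw!r}")


def load_security_settings(env=None):
    """Return DEBUG and SECRET_KEY for settings.py, failing closed on bad input.

    - DEBUG defaults to False, so a missing variable means production mode.
    - SECRET_KEY must be set, at least 50 characters long, and not the
      'django-insecure-' placeholder that `startproject` generates.
    """
    env = os.environ if env is None else env
    debug = env_bool(env, "DJANGO_DEBUG", default=False)
    secret_key = env.get("DJANGO_SECRET_KEY", "")
    if not secret_key:
        raise InsecureSettings("DJANGO_SECRET_KEY is not set")
    if secret_key.startswith("django-insecure-"):
        raise InsecureSettings("DJANGO_SECRET_KEY is the generated placeholder")
    if len(secret_key) < 50:
        raise InsecureSettings("DJANGO_SECRET_KEY is shorter than 50 characters")
    return {"DEBUG": debug, "SECRET_KEY": secret_key}


# In settings.py the usage is just:
#   _sec = load_security_settings()
#   DEBUG = _sec["DEBUG"]
#   SECRET_KEY = _sec["SECRET_KEY"]

if __name__ == "__main__":
    # Constructed environment: a 50-character key with DEBUG explicitly off.
    demo_env = {"DJANGO_SECRET_KEY": "k" * 50, "DJANGO_DEBUG": "false"}
    print(load_security_settings(demo_env))
```

Because the function raises on a missing or placeholder key, a deployment that forgot to set the variable fails at startup rather than running with the committed secret.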


📅 What’s Next?

Tomorrow:

  • Add user authentication (login/register).

  • Test for SQL injection vulnerabilities using SQLMap.

  • Deploy to Render/Railway.


👋 Final Thoughts

Day 1 was all about laying the groundwork — both for the app and its security. I’m already breaking my own code to learn how to fix it, and I’m excited to see how this evolves.

If you’re learning Django or AppSec, start small, break things, and document everything. Trust me, it works!


🔗 GitHub Repo

github.com/h4tz/CHAT_APP


💬 Join the Discussion

  • Have you ever broken your own app on Day 1?

  • What’s your go-to tool for security audits?

Drop your thoughts below! 👇

#Django #AppSec #OWASPTop10 #Security #DevSecOps #Python #RedTeaming #BugBounty #Hashnode
