Day 2: Securing Django Admin & Scanning Ports with nmap

hari

Building a Secure Chat App – From Setup to Security Checks

Welcome back! 🚀
Today is Day 2 of my 30-day Django + AppSec challenge. My goal is to build a secure real-time chat app while learning cybersecurity skills like red teaming, tool usage, and vulnerability auditing.

Today’s focus:

  1. Securing the Django Admin Panel by renaming the default /admin URL.

  2. Scanning open ports with nmap to identify potential risks in the development environment.

Let’s dive in!

Scanning Open Ports with nmap

Why It Matters

  • Exposed ports (like Django’s default 8000) reveal running services to attackers.

  • nmap helps identify these risks during development.

What I Did

sudo apt install nmap

nmap -p 1-65535 127.0.0.1
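
An added example, not from the original post or its repository: a small Python check that reads nmap's grepable output (`-oG -`) for the localhost scan above and reports every open port that is not on an allowlist. The sample scan output, the `EXPECTED_DEV_PORTS` allowlist and the script name `check_ports.py` are assumptions made for illustration.

```python
import sys

# Constructed sample of `nmap -p 1-65535 -oG - 127.0.0.1` output (not from the post).
SAMPLE_GREPABLE = (
    "# Nmap scan initiated as: nmap -p 1-65535 -oG - 127.0.0.1\n"
    "Host: 127.0.0.1 (localhost)\tStatus: Up\n"
    "Host: 127.0.0.1 (localhost)\tPorts: 631/open/tcp//ipp///, "
    "5432/open/tcp//postgresql///, 8000/open/tcp//http-alt///, "
    "9000/filtered/tcp//cslistener///\tIgnored State: closed (65531)\n"
    "# Nmap done: 1 IP address (1 host up) scanned\n"
)

# Hypothetical allowlist: the only listener this project is supposed to start.
EXPECTED_DEV_PORTS = {8000: "Django dev server"}


def parse_open_ports(grepable):
    """Return {port: service} for every port nmap reported as open."""
    found = {}
    for line in grepable.splitlines():
        if line.startswith("#"):
            continue
        for field in line.split("\t"):  # grepable fields are tab-separated
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[0].isdigit() and parts[1] == "open":
                    found[int(parts[0])] = parts[4] or "unknown"
    return found


def unexpected_ports(open_ports, expected=EXPECTED_DEV_PORTS):
    """Open ports that are not on the allowlist, sorted by port number."""
    return {p: open_ports[p] for p in sorted(open_ports) if p not in expected}


if __name__ == "__main__":
    # Pipe real scan output in, or run with no input to use the sample.
    text = SAMPLE_GREPABLE if sys.stdin.isatty() else sys.stdin.read()
    ports = parse_open_ports(text)
    for port, service in unexpected_ports(ports).items():
        print(f"unexpected listener: {port}/tcp ({service})")
    print(f"{len(ports)} open port(s), {len(unexpected_ports(ports))} not on the allowlist")
```

To check a real scan, pipe it in: `nmap -p 1-65535 -oG - 127.0.0.1 | python3 check_ports.py`.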

Lessons Learned

  1. Security Through Obscurity Works (a Little):

    • Renaming /admin won’t stop determined attackers but deters bots and scripts.

  2. Port Scanning 101:

    • Open ports = potential attack vectors.

    • Tools like nmap help spot risks early.

  3. Dev Server ≠ Production:

    • The Django dev server is for local testing only. Use Nginx/Gunicorn in production.

Final Thoughts

Day 2 was a mix of practical coding and real-world security checks. By renaming the admin URL and scanning ports, I’m learning to think like an attacker early in the development cycle.

If you’re following along, try these steps yourself and share your results! 🛡️

GitHub Repo: https://github.com/h4tz/CHAT_APP

Previous Post: Day 1: Building My Django Chat App (And Why I’m Already Breaking It)
