2 votes
A very good place to read up is OWASP; see http://www.owasp.org/index.php/Main_Page. They have extensive documentation regarding website security.
Edit: For a quick overview, check the "Top Ten".
2 votes
SQL Injection
Prevent malicious users from altering SQL queries via URL query strings.
DoS Attacks
Prevent users from the same IP address from accessing your site an excessive number of times in a small space of time.
Password Strength
When allowing users to create their own passwords, show a password strength indicator which encourages users to enter stronger passwords.
Captcha
Stop non-human users from submitting to forms by presenting a captcha image. You may also want to use this if password authentication is failed multiple times, to prevent robots from guessing passwords.
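The first two points of this answer (parameterized SQL and per-IP request throttling) are concrete enough to show in code. The following is an added example and not part of the answer above; it uses Python's standard-library sqlite3 module against a constructed in-memory table, and the names `lookup_user_unsafe`, `lookup_user_safe` and `RateLimiter` are hypothetical. The unsafe function is the classic textbook pattern kept only as the "before" of the fix; the safe function shows the bound-parameter form that the answer recommends.

```python
import sqlite3
import time
from collections import defaultdict, deque


def make_db():
    """Constructed in-memory database with three sample users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.com"),
            ("bob", "bob@example.com"),
            ("carol", "carol@example.com"),
        ],
    )
    return conn


def lookup_user_unsafe(conn, username):
    """Vulnerable pattern (hypothetical name): the value taken from the URL
    query string is pasted straight into the SQL text, so SQL metacharacters
    in it change the meaning of the statement."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_user_safe(conn, username):
    """Hardened pattern (hypothetical name): the value is passed as a bound
    parameter. The database driver treats it as data, never as SQL, so the
    same input that alters the unsafe query matches nothing here."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


class RateLimiter:
    """Sliding-window limiter (hypothetical name): at most `max_requests`
    requests per client IP within any `window_seconds` interval.

    A real deployment would keep this state in a shared store such as Redis
    so that all web workers see the same counts; the in-process dict here
    is enough to show the algorithm."""

    def __init__(self, max_requests, window_seconds, clock=time.monotonic):
        self.max_requests = max_requests
        self.window = window_seconds
        self._clock = clock
        # ip -> timestamps of requests still inside the window
        self._hits = defaultdict(deque)

    def allow(self, ip, now=None):
        """Return True if the request from `ip` may proceed, False if the
        client has exhausted its quota for the current window. `now` can be
        injected for deterministic tests."""
        if now is None:
            now = self._clock()
        hits = self._hits[ip]
        cutoff = now - self.window
        # Drop timestamps that have aged out of the window.
        while hits and hits[0] <= cutoff:
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False  # denied requests are not recorded against the quota
        hits.append(now)
        return True


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input that breaks out of the quoted literal
    print("unsafe:", lookup_user_unsafe(conn, crafted))  # returns every user
    print("safe:  ", lookup_user_safe(conn, crafted))    # returns []

    limiter = RateLimiter(max_requests=3, window_seconds=10)
    for t in (0, 1, 2, 3, 11):
        print(f"t={t:>2}s allowed={limiter.allow('10.0.0.1', now=t)}")
```

The limiter records only accepted requests, so a client that keeps hammering while blocked does not push its own reset further out; whether that is the behaviour you want depends on how aggressive the throttling should be. Whatever the policy, the check belongs in middleware or at the reverse proxy, before the request reaches application code.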
2 votes
The Google Browser Security Handbook has a lot of information about potential vulnerabilities in the web architecture, in particular the details that are affected by the behavior of web browsers (as opposed to server based vulnerabilities, like SQL injection attacks and the like). It is a good starting point for learning about how browsers work in ways that impact security, like how they handle cookies, cross domain requests, images and MIME types, etc.
1 vote
One book I might recommend is "Security Engineering" by Ross Anderson. It's fairly detailed and it gives a good overview of many different topics relating to computer security, although not all of it is relevant for securing a website.