Django framework (~20 mins)

Why Django security matters - Challenge Your Understanding

Challenge - 5 Problems
🧠 Conceptual (intermediate, 2:00 time limit)
Why is CSRF protection important in Django?
Django includes built-in CSRF protection. What is the main reason this security feature is important?
A. It prevents attackers from tricking users into submitting unwanted requests on their behalf.
B. It encrypts all data sent between the user and the server.
C. It blocks users from accessing pages without logging in.
D. It automatically updates Django to the latest secure version.
💡 Hint: Think about what happens if a user unknowingly sends a harmful request.
Component behavior (intermediate, 2:00 time limit)
What happens if DEBUG=True in production?
In Django settings, what is the risk of leaving DEBUG=True when your site is live?
A. Users cannot log in until DEBUG is set to False.
B. The site runs faster because debugging is enabled.
C. Detailed error pages with sensitive information are shown to all users.
D. Static files are not served correctly.
💡 Hint: Consider what information error pages might reveal.
📝 Syntax (advanced, 2:00 time limit)
Which middleware enables Django's security features?
Select the correct middleware line to add in MIDDLEWARE for security headers.
A. 'django.middleware.csrf.CsrfViewMiddleware',
B. 'django.middleware.security.SecurityMiddleware',
C. 'django.middleware.clickjacking.XFrameOptionsMiddleware',
D. 'django.middleware.common.CommonMiddleware',
💡 Hint: This middleware adds headers like HSTS and others for security.
🔧 Debug (advanced, 2:00 time limit)
What error occurs if SECRET_KEY is missing?
If you remove or leave empty the SECRET_KEY in Django settings, what error will you see when running the server?
A. SyntaxError: invalid syntax in settings.py
B. ModuleNotFoundError: No module named 'secret_key'
C. AttributeError: 'NoneType' object has no attribute 'encode'
D. django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.
💡 Hint: SECRET_KEY is required for cryptographic signing.
State output (expert, 3:00 time limit)
What is the output of this Django view with improper user input handling?
Consider this Django view code snippet:
from django.http import HttpResponse

def greet(request):
    name = request.GET.get('name', 'Guest')
    return HttpResponse(f"Hello, {name}!")
What security risk does this code have and what will be the output if a user visits /greet?name=<script>alert('XSS')</script>?
A. The output will be "Hello, <script>alert('XSS')</script>!" and it causes a cross-site scripting (XSS) vulnerability.
B. The output will be "Hello, Guest!" because Django automatically escapes input.
C. The server will raise a ValueError due to unsafe characters in the URL.
D. The output will be "Hello, <script>alert('XSS')</script>!" but no security risk exists.
💡 Hint: Think about how raw user input is handled in HttpResponse.