To ensure the security of the application, the following risks were identified and addressed:

Unauthorized Access:
- Risk: Unauthorized users gaining access to sensitive data or functionality.
- Mitigation: Implemented role-based access control (RBAC) to restrict access to specific features based on user roles (e.g., Admin, Professor, Student). The role check has to run server-side on every view and API endpoint (hiding a button in the UI is not a control), and a request whose role is missing or unrecognised is denied by default.

Data Breaches:
- Risk: Sensitive data being exposed during communication or storage.
- Mitigation: Used JSON Web Tokens (JWT) to authenticate requests between the client and server. JWTs are signed, so the server detects any modification of the claims (for example, a user rewriting their role claim). A standard JWT is not encrypted: its payload is only base64url-encoded and is readable by anyone who holds the token, so no sensitive data is placed in the claims and tokens are kept short-lived. Confidentiality in transit comes from serving the application over HTTPS (TLS), not from the token, and the token does nothing for data at rest.
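The two items above (RBAC and JWT) are easiest to see together. The following is an added example, not code from this project: a minimal HS256 JWT issue/verify routine in the Python standard library, a constructed role-to-permission map for the Admin, Professor and Student roles, and an authorization decision that only ever trusts the verified role claim. The secret, the permission names and the user ids are placeholders. A real Django deployment would use a maintained library (PyJWT or djangorestframework-simplejwt) rather than this hand-rolled version; the point here is what the signature does and does not protect.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a long random secret kept only on the server (placeholder value here).
SECRET = b"replace-with-a-long-random-server-side-secret"

# Constructed role map for the three roles named in the text (not the project's own).
ROLE_PERMISSIONS = {
    "Admin": {"manage_users", "edit_grades", "view_grades"},
    "Professor": {"edit_grades", "view_grades"},
    "Student": {"view_grades"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def issue_token(user_id, role, ttl=900, now=None):
    """Issue an HS256 JWT: base64url(header).base64url(payload).base64url(HMAC)."""
    now = int(time.time()) if now is None else now
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(
        {"sub": user_id, "role": role, "iat": now, "exp": now + ttl})
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def read_payload_unverified(token):
    """What anyone holding the token can do without the key: the payload is
    encoded, not encrypted, so nothing confidential belongs in it."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def verify_token(token, now=None):
    """Return the claims if signature and expiry check out, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; never trust alg from the token
            return None
        expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        payload = json.loads(_b64url_decode(payload_b64))
    except (ValueError, TypeError, AttributeError):  # bad base64, bad JSON, wrong shape
        return None
    now = int(time.time()) if now is None else now
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return payload


def authorize(token, permission, now=None):
    """RBAC decision on the *verified* role claim; deny by default."""
    claims = verify_token(token, now)
    if claims is None:
        return False, "invalid or expired token"
    role = claims.get("role")
    if permission not in ROLE_PERMISSIONS.get(role, set()):
        return False, f"role {role!r} lacks {permission!r}"
    return True, f"user {claims['sub']} may {permission}"


def tamper_role(token, new_role):
    """Attacker edits the role claim but cannot re-sign: verify_token rejects it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    claims["role"] = new_role
    return f"{header_b64}.{_segment(claims)}.{sig_b64}"


if __name__ == "__main__":
    t = issue_token(42, "Student", now=1_700_000_000)
    print(read_payload_unverified(t))                                  # readable with no key
    print(authorize(t, "view_grades", now=1_700_000_010))              # (True, ...)
    print(authorize(t, "edit_grades", now=1_700_000_010))              # (False, ...) role lacks it
    print(authorize(tamper_role(t, "Admin"), "edit_grades", now=1_700_000_010))  # (False, ...) bad sig
```

Note the order in `authorize`: the signature and expiry are checked before the role is even read. Reading `role` from `read_payload_unverified` and acting on it is exactly the mistake a signed token is meant to prevent.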

SQL Injection:
- Risk: Malicious SQL queries being executed through user input.
- Mitigation: Leveraged Django's ORM, which sends user input to the database as bound parameters separate from the SQL text (parameterized queries), so input is never interpolated into a query string. This is not "sanitization" of the input, and it does not cover SQL written by hand: Manager.raw(), cursor.execute(), extra() and RawSQL must also receive user input through their params argument rather than through string formatting.
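The difference between interpolation and parameter binding is the whole mitigation, so here it is run against a constructed table. This is an added example, not project code; it uses the standard-library sqlite3 driver instead of the Django ORM so it runs without Django, with the table, rows and payload all made up for the demonstration. The parameterized function is the same mechanism the ORM applies to `filter()` and that `raw()`/`cursor.execute()` apply when given a `params` list.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a Django model such as
    Grade(student, course, grade)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE grades (student TEXT, course TEXT, grade TEXT)")
    conn.executemany("INSERT INTO grades VALUES (?, ?, ?)", [
        ("alice", "CS101", "A"),
        ("bob", "CS101", "B"),
        ("carol", "MATH200", "C"),
    ])
    return conn


def grades_vulnerable(conn, student):
    """Input pasted into the SQL text. The quote in the payload closes the
    literal and the remainder is parsed as SQL. This is what Manager.raw() or
    cursor.execute() does when fed an f-string or %-formatted query."""
    sql = f"SELECT student, course, grade FROM grades WHERE student = '{student}'"
    return conn.execute(sql).fetchall()


def grades_parameterized(conn, student):
    """Input bound as a parameter. The driver ships it separately from the SQL
    text, so it can only ever be compared as a value. The Django ORM does this
    for Grade.objects.filter(student=student); raw SQL gets the same treatment
    with Grade.objects.raw("... WHERE student = %s", [student]) or
    cursor.execute("... WHERE student = %s", [student])."""
    sql = "SELECT student, course, grade FROM grades WHERE student = ?"
    return conn.execute(sql, (student,)).fetchall()


# Classic tautology payload (constructed). To the parameterized query it is just
# a student name that nobody has.
PAYLOAD = "bob' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print(grades_vulnerable(conn, PAYLOAD))      # every row in the table leaks
    print(grades_parameterized(conn, PAYLOAD))   # []
    print(grades_parameterized(conn, "bob"))     # [('bob', 'CS101', 'B')]
```

Any place in the code base that builds SQL with `f"..."`, `%` or `.format()` and then calls `raw()`, `extra()`, `RawSQL` or `cursor.execute()` has the shape of `grades_vulnerable` regardless of how carefully the input was "cleaned" beforehand; grepping for those calls is a quick audit.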

Cross-Site Scripting (XSS):
- Risk: Malicious scripts being injected into the application.
- Mitigation: Django's template engine escapes variables by default, which covers values placed in HTML body and quoted-attribute contexts. The protection is switched off wherever the |safe filter, mark_safe() or {% autoescape off %} is used, and it does not apply to HTML that the client builds from JSON API responses, which the template engine never sees; those paths need their own escaping, with a Content Security Policy as a second layer.

Cross-Site Request Forgery (CSRF):
- Risk: Unauthorized actions being performed on behalf of authenticated users.
- Mitigation: Enabled Django's CSRF middleware, which requires a valid CSRF token for all state-changing requests (POST, PUT, PATCH, DELETE) that rely on cookie or session authentication. Requests authenticated only by a JWT sent in the Authorization header cannot be forged by a cross-site page, because browsers do not attach that header on their own; if the JWT is ever stored in a cookie, those endpoints need CSRF protection as well.

Additional Measures:
- Password Hashing: Django's default password hasher is PBKDF2 with SHA-256 and a per-user random salt, with an iteration count that Django raises in each release; it is not bcrypt. bcrypt and Argon2 hashers are available through the PASSWORD_HASHERS setting once the bcrypt or argon2-cffi package is installed, and the hasher listed first in PASSWORD_HASHERS is the one actually used for new passwords.
- Regular Updates: Keep Django and all dependencies up to date to patch known vulnerabilities: pin versions, follow Django's security release announcements, and audit the pinned set with a tool such as pip-audit.
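To show what the default hasher actually stores, the following is an added example (not project code and not Django's own implementation) that reproduces the PBKDF2-SHA256 layout Django writes to the password column, `pbkdf2_sha256$<iterations>$<salt>$<base64 hash>`, using only the standard library. The iteration count is an assumption; take the real one from the Django release in use (django.contrib.auth.hashers.PBKDF2PasswordHasher.iterations). The `must_update` check mirrors why Django re-hashes a password on the next successful login when the stored round count falls behind the current policy.

```python
import base64
import hashlib
import hmac
import secrets
import string

ALGORITHM = "pbkdf2_sha256"
# Assumption: placeholder round count; Django raises its default every release,
# so read the current value from PBKDF2PasswordHasher.iterations instead.
DEFAULT_ITERATIONS = 600_000
SALT_ALPHABET = string.ascii_letters + string.digits


def make_salt(length=22):
    """Per-password random salt from a CSPRNG; alphanumeric so it can never
    contain the '$' separator."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def encode_password(password, salt=None, iterations=DEFAULT_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 hash>'."""
    salt = salt or make_salt()
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"{ALGORITHM}${iterations}${salt}${base64.b64encode(dk).decode()}"


def verify_password(password, encoded):
    """Recompute with the stored salt and round count, compare in constant time.
    Malformed or foreign-algorithm strings verify as False rather than raising."""
    try:
        algorithm, iterations, salt, _digest = encoded.split("$", 3)
        iterations = int(iterations)
    except ValueError:
        return False
    if algorithm != ALGORITHM or iterations <= 0:
        return False
    recomputed = encode_password(password, salt, iterations)
    return hmac.compare_digest(recomputed.encode(), encoded.encode())


def must_update(encoded, iterations=DEFAULT_ITERATIONS):
    """True when the stored hash uses a different algorithm or fewer rounds
    than the current policy, i.e. it should be re-hashed on next login."""
    parts = encoded.split("$")
    if len(parts) != 4 or not parts[1].isdigit():
        return True
    return parts[0] != ALGORITHM or int(parts[1]) < iterations


if __name__ == "__main__":
    stored = encode_password("correct horse battery staple")
    print(stored)                                             # pbkdf2_sha256$600000$...
    print(verify_password("correct horse battery staple", stored))   # True
    print(verify_password("wrong", stored))                   # False
    old = encode_password("correct horse battery staple", iterations=100_000)
    print(must_update(old))                                   # True: fewer rounds than policy
```

The two properties worth checking in a review are visible here: the salt is random per password (so two users with the same password store different hashes) and the comparison is `hmac.compare_digest`, not `==`. A plain `==` on the stored string is the usual mistake when someone hand-rolls this instead of calling `check_password()`.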