Saturday, July 13, 2024

Learning Django: Key Concepts Every Beginner Should Master

When building sophisticated online applications, developers frequently use the well-liked Python web framework Django. Yet, learning everything about Django at once can be difficult for beginners. In order to become proficient in Django, beginners should study and grasp some of the fundamental principles that are highlighted in this article.


At the heart of every Django website are apps. Apps are small pieces of a project that make up an entire website. We create apps to represent different parts of a website, and how you structure your apps is entirely up to you. Apps typically contain some kind of database models, URLs, views, and other information about a particular part of our website. Imagine we were building with Django; we could have one app that represents all the information and logic about users, another app that contains all our database tables, logic for posts, and things related, like likes and comments for those posts, all inside of one app. When it comes to Facebook groups, it would be best to put that into its app, so all that logic is separate from other parts of our website. All these apps would sit inside of a main project folder, and you would simply let Django know about these apps by registering them inside of your application settings file.


Views are simply functions that are in charge of processing a user’s request when they visit a certain URL or endpoint on our website. When a user goes to our website, some view associated with that URL is responsible for some logic in the back-end and returning some form of response with data, which is typically some kind of HTML template or JSON data. Views can also be represented as classes, and these are called class-based views. The major difference between function-based views and class-based views is how they extend logic. For anybody just starting to learn Django, we would highly recommend that you first start by learning function-based views because they are easier to understand, and most of the documentation is written using function-based views. However, it’s necessary to have a good understanding of class-based views and how to effectively use them.

Recommended:  Pwndora - Mass IPv4 Scanner

URL Routing

To handle URL routing in a Django application, we create URL patterns in a list and simply attach different paths to those views. This is how Django knows which view to fire off when a user visits a URL on our website. In this example, we would simply use the path function, set a URL route, and assign an associated view.


Models are simply class-based representations of our database tables and are at the core of how we design our database. With models, we create a class that represents a table, and the attributes in this class represent each column inside of that database table. Knowing how to create relationships between these tables, such as one-to-many and many-to-many, is also a must. Along with knowing how to design your database, you also need to know how to work with this database. Simple methods like get all and filter are how we retrieve items from the database using Django’s built-in ORM.

Admin Panel and CRUD Operations

While personally, I like to build out my own interface in any application I make, Django also gives us this admin panel to view, create, and update any data in our database. The admin panel is a great tool to start with and is also highly customizable. While building most any application, you probably will have to perform CRUD (create, read, update, and delete) operations at some point. We can perform tasks like this by writing all of our code from scratch using methods like the save and delete method, or we could use Django model forms and/or class-based views that handle a lot of this functionality for us.

Static Files and User Authentication

Static files, such as images, CSS, and JavaScript, are essential to every website, and Django makes it easy to serve these files. By default, Django looks for static files in a directory called “static” located in each app’s directory. However, it’s also possible to specify a different directory to serve static files from.

Recommended:  Secrets To Recon (Reconnaissance) - A Bug Hunter's Guide

To configure static file handling in Django, you would typicallyy perform the following steps:

Define the static files directory: You can define the directory where your static files are stored in your settings file. This is done by setting the STATIC_ROOT variable to the absolute path to your static files directory. For example:

STATIC_ROOT = '/var/www/static/'
  1. Configure the static URL: You need to tell Django where to find static files at runtime. This is done by setting the STATIC_URL variable in your settings file. For example:
STATIC_URL = '/static/'
  1. Serve static files in development: During development, Django can serve static files for you. You need to add the following line to your file:
from django.conf import settings
from django.conf.urls.static import static

urlpatterns = [
    # ... some url patthers here ...

if settings.DEBUG:
    urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)

This simply tells Django to serve static files from the STATIC_ROOT directory when the DEBUG setting is set to True.

User Authentication

User authentication is a critical component of many web applications. Django provides a built-in authentication framework that makes it easy to add authentication to your application. The authentication framework provides the following features:

  • User authentication: Users can create accounts, log in, and log out.
  • Password management: Users can change their password or reset it if they forget it.
  • Permissions: You can define permissions and assign them to users or groups of users.

To use the authentication framework, you need to perform the following steps:

  1. Install the authentication app: The authentication app is included with Django. To use it, you need to add ‘django.contrib.auth’ to the INSTALLED_APPS setting in your settings file.
    # ... other apps here ...
    # ... other apps here ...

Configuring authentication backends: Django supports multiple authentication backends, which allow you to authenticate users using different methods, such as email or social media accounts. You need to specify which authentication backends to use in the AUTHENTICATION_BACKENDS setting in your settings file. For example:

AUTHENTICATION_BACKENDS = [    'django.contrib.auth.backends.ModelBackend',    'allauth.account.auth_backends.AuthenticationBackend',]

This example uses the default ModelBackend, which authenticates users based on their username and password, and the allauth backend, which provides social media authentication.

  1. Define login and logout views: Django provides built-in views for logging in and logging out. You need to include these views in your file:
from django.contrib.auth.views import LoginView, LogoutView

urlpatterns = [
    # ... your URL patterns here ...
    path('login/', LoginView.as_view(template_name='login.html'), name='login'),
    path('logout/', LogoutView.as_view(template_name='logout.html'), name='logout'),
  1. Protect views with login_required: You can protect views/pages so that only authenticated users can access them by using the login_required decorator:
from django.contrib.auth.decorators import login_required

def my_view(request):
    # ... view code here ...

Django is a powerful and popular web framework that makes it easy to develop complex web applications. With features such as URL routing, template rendering, database ORM, user authentication, and static file serving, Django provides developers with the tools they need to build robust and scalable web applications.

Recommended:  What distinguishes Application Security from API Security?

One of the major benefits of Django is its ability to handle large amounts of data through its powerful ORM. This allows developers to work with databases in a way that’s intuitive and efficient, making it easier to develop applications that require complex data models.

Overall, Django is a powerful and versatile web framework that’s suitable for a wide range of web development projects. Whether you’re building a small blog or a large-scale web application, Django’s features and flexibility make it an excellent choice for your next project.

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base


Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates