Learn best practices that can help Node.js developers secure their apps at all levels, from packages to the server level.
Overview
Syllabus
Introduction
- Securing your Node.js projects
- What you should know
- Introduction to OWASP and other sources
- OWASP top 10 in Node.js
- Overview of cross-site scripting
- Overview of denial of service
- Overview of server-side injection
- Hands-on base template overview
- Maintain package dependencies
- Add two-factor and read-only tokens with npm
- Data handling with type and validation
- Use prepared statements for SQL/NoSQL
- Set proper HTTP headers with Helmet
- Encrypt user data and session management
- Use secure HTTPS protocol
- Rate limiting against DoS attacks
- Use csurf to prevent CSRF attacks
- Use cookie attributes
- Introduction to OWASP dependency check
- Find vulnerabilities with Snyk
- Penetration testing with Burp
- Next steps
Taught by
Emmanuel Henri
