Node.js: Security

Learn best practices that can help Node.js developers secure their apps at all levels, from packages to the server level.

Introduction

• Securing your Node.js projects
• What you should know

1. Security Overview

• Introduction to OWASP and other sources
• OWASP top 10 in Node.js
• Overview of cross-site scripting
• Overview of denial of service
• Overview of server-side injection

2. Best Practices: Packages

• Hands-on base template overview
• Maintain package dependencies
• Add two-factor and read-only tokens with npm

3. Best Practices: Data

• Data handling with type and validation
• Use prepared statements for SQL/NoSQL
• Set proper HTTP headers with Helmet
• Encrypt user data and session management

4. Best Practices: Server Level

• Use secure HTTPS protocol
• Rate limiting against DoS attacks
• Use csurf to prevent CSRF attacks
• Use cookie attributes

5. Tools for Testing

• Introduction to OWASP dependency check
• Find vulnerabilities with Snyk
• Penetration testing with Burp

Conclusion

• Next steps