password

passwordHash

Gain insights into securing Node.js applications: sanitize inputs, use HTTPS, encryption, explore authentication, access control, and protect against XSS, CSRF, and popular hacks.

Working_SNA_Docker.tar.gz

psql

psql-copy

run_spa

run_spa_node

run_spa_hash

compose

compose-copy

compose-copy-copy

run_spa-copy

app-demo-psql

This course is your guide for securing Node.js applications. You'll start by properly sanitizing user input and output, and then move on to some fundamental protocols, such as HTTPS and SHA. Passwords and encryption will be discussed next. More specifically, you will learn about different hashing algorithms and protecting your application from brute force attacks.

Following that, you'll explore concepts like authentication, access control, and obfuscation. You will also learn about XSS, CSRF, and other popular hacks near the end of the course.

By the end of this course, you will know how to secure a Node.js application, an in-demand skill to put on your resume!

A Guide to Securing Node.js Applications

# Obtaining an SSL certificate
The first step to running on HTTPS is to obtain a certificate. There are cheap or free certificates available from some certificate authorities. These won’t come pre-installed on popular web browsers, making them useless for external-facing sites. If you’re running an internal application, cheap alternatives and self-signed certificates are valid options. For everyone else, purchase a certificate.

I recommend checking with your DNS provider to see if they offer discounted or easy-to-set-up certificates. For example, DNSimple provides subscription payments for certificates at a considerable discount.

If your DNS provider does not provide certificates, Symantec/VeriSign is a well-respected certificate authority.

Now, go buy one!

Walk through the setup process of your chosen certificate authority. Usually, you will upload your server certificate (`yourApp.csr`), and they will email you the signed certificate.


Your certificate authority will provide you with the signed certificate, which we'll name `yourAppSigned.crt`.  Copy this to your server. For this example, I'll use the following path:

```
/usr/bin/ssl/yourAppSigned.crt
```

Learn how to use your certificates with Apache or Nginx.

Introduction

Never Trust Your Users. Sanitize ALL Input!

HTTPS and Other Random Letters

Password Encryption and Storage for Everyone

Authentication, Access Control, and Safe File Handling

Safe Defaults, Cross Site Scripting, and Other Popular Hacks

Apache and Nginx setup

Obtaining an SSL certificate