password

passwordHash

Gain insights into securing Node.js applications: sanitize inputs, use HTTPS, encryption, explore authentication, access control, and protect against XSS, CSRF, and popular hacks.

Working_SNA_Docker.tar.gz

psql

psql-copy

run_spa

run_spa_node

run_spa_hash

compose

compose-copy

compose-copy-copy

run_spa-copy

app-demo-psql

This course is your guide for securing Node.js applications. You'll start by properly sanitizing user input and output, and then move on to some fundamental protocols, such as HTTPS and SHA. Passwords and encryption will be discussed next. More specifically, you will learn about different hashing algorithms and protecting your application from brute force attacks.

Following that, you'll explore concepts like authentication, access control, and obfuscation. You will also learn about XSS, CSRF, and other popular hacks near the end of the course.

By the end of this course, you will know how to secure a Node.js application, an in-demand skill to put on your resume!

A Guide to Securing Node.js Applications

No story this time. This chapter is a catch-all for other attacks you need to protect against, so there isn't an overarching narrative. Try to contain your disappointment.


# Use safe defaults

One of the core concepts of a secure system is safe defaults. Whenever possible (and it’s usually possible), define variables, properties, and everything else early with a safe default.

A safe default usually means a default, null, empty, or false state. When determining logic flow, the default should always be a failure. For example, in the earlier authentication examples, we checked if the password was correct. If it was, we proceed to the positive application logic. If it failed, the function executes the default logic for a non-positive result.

This is incredibly important in JavaScript. Because it’s asynchronous, you can’t be sure about the order in which variables will be evaluated and mutated.

Let’s look at a basic example with form validation:


Understand the importance of using safe defaults

Introduction

Never Trust Your Users. Sanitize ALL Input!

HTTPS and Other Random Letters

Password Encryption and Storage for Everyone

Authentication, Access Control, and Safe File Handling

Safe Defaults, Cross Site Scripting, and Other Popular Hacks

Never Trust Yourself

Use safe defaults