password

passwordHash

Gain insights into securing Node.js applications: sanitize inputs, use HTTPS, encryption, explore authentication, access control, and protect against XSS, CSRF, and popular hacks.

Working_SNA_Docker.tar.gz

psql

psql-copy

run_spa

run_spa_node

run_spa_hash

compose

compose-copy

compose-copy-copy

run_spa-copy

app-demo-psql

This course is your guide for securing Node.js applications. You'll start by properly sanitizing user input and output, and then move on to some fundamental protocols, such as HTTPS and SHA. Passwords and encryption will be discussed next. More specifically, you will learn about different hashing algorithms and protecting your application from brute force attacks.

Following that, you'll explore concepts like authentication, access control, and obfuscation. You will also learn about XSS, CSRF, and other popular hacks near the end of the course.

By the end of this course, you will know how to secure a Node.js application, an in-demand skill to put on your resume!

A Guide to Securing Node.js Applications

# Outputting to the browser
Take precautions when saving data you take in. Sanitize or escape any user-generated data that is output back to the browser.

You can modify and escape your data before saving to the database, or in between by retrieving and outputting it to the browser. This depends on how your data is edited and used. For example, if the user is editing the data later, it makes more sense to save as-is and sanitize upon output.

What security benefits come from escaping user-generated data that you output? Suppose a user submits the following JavaScript snippet to your application, which then saves it for  outputting later:

```
<script>alert('I am not sanitized!');</script>
```

If you don’t sanitize this code before echoing it to the browser, the malicious JavaScript will run as if you wrote it yourself. In this case, it’s a harmless `alert()`, but a hacker won't be nearly as kind.

An image’s EXIF data is another popular exploit. If a user uploads an image and your application displays the XIFF data, it needs to be sanitized. Always sanitize displayed data that came into your app from the outside.

If you're using a templating library or a framework that handles templating, escaping may happen automatically. Make sure to check the documentation for your library/framework of choice to determine how this works.

You may choose to handle this yourself. The [html-escape](https://www.npmjs.com/package/html-escape) library provides a function that will be your best friend when displaying data. Simply call the `escape()` method on your data to replace it with properly escaped HTML:

Learn how to sanitize your output in Node.js.

Introduction

Never Trust Your Users. Sanitize ALL Input!

HTTPS and Other Random Letters

Password Encryption and Storage for Everyone

Authentication, Access Control, and Safe File Handling

Safe Defaults, Cross Site Scripting, and Other Popular Hacks

Sanitizing Output

Outputting to the browser