Essential Node.js Security

for Express Web Applications

About the Book

This book is intended to be a thorough, hands-on guide to securing web applications built on Node.js and the Express web application framework. Many of the concepts, tools and practices in this book are based primarily on open source libraries, and the author leverages these projects and highlights them.

The main objective of the book is to equip the reader with practical solutions to real-world problems, so the book is full of source code examples. Each security topic comes with a high-level description of the risks involved and a practical solution to prevent or mitigate them.

Even though Express is the web application framework chosen as the case study, many of the concepts in this book can, and should, be taken into account and implemented with any other framework. Concepts such as secure code, NoSQL injections and secure session management are important security topics that would benefit any Node.js developer whose primary focus is web development.

  • Categories

    • Node.js
    • JavaScript
    • Express
    • Computer Security
    • Software Architecture

About the Author

Liran Tal

Liran Tal is a software developer, and a GitHub Star, world-recognized for his activism in open source communities and advancing web and Node.js security. He engages in security research through his work in the OpenJS Foundation and the Node.js ecosystem security working group, and further promotes open source supply chain security as an OWASP project lead. Liran is also a published author of Essential Node.js Security and O'Reilly's Serverless Security. At Snyk, he is leading the developer advocacy team and on a mission to empower developers with better dev-first security.


Reader Testimonials

David Madar

Software Engineer, Hewlett Packard Enterprise

Excellent book. Covers the possible security issues and the right way to discover and deal with them. Written clearly with plenty of examples. A great book for those who wish to enrich their knowledge in security and for those who want to implement practical security solutions in their application.

Ran Bar Zik

Web Developer at AOL

An essential book for every Node.js developer out there. Many security issues can be avoided just by understanding the inherent security risks, and this book clearly describes them and how to tackle those issues. It is recommended not only for Node.js developers but also for all JavaScript developers who want to expand their understanding of security. Security in source code should not be neglected, and by reading this book every developer will take a major step towards producing more secure code.

Table of Contents

  • Foreword
  • About The Author
    • Liran Tal
  • About The Reviewers
    • Danny Grander
    • Tim Kadlec
    • Cody B. Daig
    • Zach Sosana
  • About The Book
    • Requirements
    • Source Code
  • HTTP Headers Security
    • Security Headers Caveats
    • Node.js Packages for HTTP Security Headers
    • Strict Transport Security
    • X-Frame-Options
    • Content-Security-Policy
    • Other HTTP headers
    • Summary
  • Secure Session Management
    • Session Security Risks
    • Session Security in Node.js and ExpressJS
    • Summary
  • Hardening ExpressJS
    • Security Through Obscurity
    • Brute-Force Protection
    • Advanced Functionality Limiting
    • body-parser middleware
    • Summary
  • Cross-Site Request Forgery (CSRF)
    • The Risk
    • The Solution
    • Summary
  • Cross-Site Scripting (XSS)
    • The Risk
    • The Solution
    • Summary
  • Secure Code Guidelines
    • Node.js Releases and APIs
    • Input Validation
    • Output Encoding
    • Regular Expressions
    • Strict Mode and Eval
    • Cryptographic Practices
    • User Process Privileges
    • Summary
  • Injection Flaws
    • NoSQL Injections
    • NoSQL SSJS Injections
    • Blind NoSQL Injections
    • OS Command Injection
    • Summary
  • Secure Dependency Management
    • Evaluating Dependencies
    • Dependency Tracking
    • NPM Shrinkwrap
    • Yarn as npm Package Management
    • Summary
  • Notes

Causes Supported

Open Sourcing Mental Illness, Ltd

Changing how we talk about mental health in the tech community.


Open Sourcing Mental Illness is a non-profit, 501c3 corporation dedicated to raising awareness, educating, and providing resources to support mental wellness in the tech and open source communities. OSMI began in 2013 as a speaking campaign by Ed Finkler. Ed started speaking at tech conferences about his personal experiences as a web developer and open source advocate with a mental health disorder. The response was overwhelming, and Ed has continued to speak, gather data, and organize efforts to change experiences of those with mental health disorders in the tech workplace. This includes speaking at conferences and companies, conducting research, and creating documentation to assist companies in making supportive environments for those impacted by mental health disorders. He is assisted in these efforts by selfless volunteers who bring their time and expertise to bear on this important issue.
