Essential Node.js Security
This book is 100% complete
Completed on 2017-07-19
About the Book
This book is intended to be a hands-on thorough guide for securing web applications based on Node.js and the ExpressJS web application framework. Many of the concepts, tools and practices in this book are primarily based on open source libraries and the author leverages these projects and highlights them.
The main objective of the book is to equip the reader with practical solutions to real world problems, and so this book is heavily saturated with source code examples as well as a high level description of the risks involved with any security topic, and the practical solution to prevent or mitigate it.
Even though ExpressJS is chosen as the case for web application framework, many concepts in this book can, and should be taken into account, and implemented with any other framework. Concepts like secure code, nosql injections, secure session management, and others are important security topics and would benefit any Node.js developer whose primary focus is web development.
License
About the Author
Bundles that include this book
Reader Testimonials
David Madar
Software Engineer, Hewlett Packard Enterprise
Excellent book. Covers the possible security issues and the right way to discover and deal with them. Written clearly with plenty of examples. A great book for those who wish to enrich their knowledge in security and for those who want to implement practical security solutions in their application.
Ran Bar Zik
Web Developer at AOL
An essential book for every Node.js developer out there. Many security issues can be avoided just by understanding the inherent security risks and this book covers clear description and how to tackle those issues. It is recommended not only for Node.js developers but to all JavaScript developers who want to expand their understanding of security. Security in source code should not be neglected and by reading this book every developer will do a major step towards producing more secure code.
Table of Contents
- Foreword
-
About The Author
- Liran Tal
-
About The Reviewers
- Danny Grander
- Tim Kadlec
- Cody B. Daig
- Zach Sosana
-
About The Book
- Source Code
-
HTTP Headers Security
- Node.js Packages to Secure The HTTP Transport
- Strict Transport Security
- X-Frame-Options
- Content-Security-Policy
- Other HTTP headers
- Summary
-
Secure Session Management
- Session Security Risks
- Session Security in Node.js and ExpressJS
- Summary
-
Hardening ExpressJS
- Security Through Obscurity
- Brute-Force Protection
- Advanced Functionality Limiting
- body-parser middleware
- Summary
-
Cross-Site Request Forgery (CSRF)
- The Risk
- The Solution
- Summary
-
Cross-Site Scripting (XSS)
- The Risk
- The Solution
- Summary
-
Secure Code Guidelines
- Node.js Releases and APIs
- Input Validation
- Output Encoding
- Regular Expressions
- Strict Mode and Eval
- Cryptographic Practices
- User Process Privileges
- Summary
-
Injection Flaws
- NoSQL Injections
- NoSQL SSJS Injections
- Blind NoSQL Injections
- OS Command Injection
- Summary
-
Secure Dependency Management
- Evaluating Dependencies
- Dependency Tracking
- NPM Shrinkwrap
- Yarn as npm Package Management
- Summary
- Notes
Causes Supported
PHPWomen
An inclusive & global network providing support within the PHP community.
http://phpwomen.orgAn inclusive & global network providing support within the PHP community.
The Leanpub 45-day 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms...
