Leanpub The Leanpub Logo is a Registered Trademark
AccountLibraryOverviewPurchasesStoreSupport
BooksBundlesCoursesFeaturedNewslettersPodcastSupportWhy Leanpub
BooksBundlesCoursesFeaturedNewslettersPodcastSupportWhy Leanpub
Essential Node.js Security
Essential Node.js Security
$19.00
Minimum price
$27.00
Suggested price
  • 733

    Readers

  • 101

    Pages

  • 22,247

    Words

  • English

  • PDF

  • EPUB

  • MOBI

  • WEB

Essential Node.js Security

This book is 100% complete

Completed on 2020-06-12

About the Book

This book is intended to be a hands-on thorough guide for securing web applications based on Node.js and the Express web application framework. Many of the concepts, tools and practices in this book are primarily based on open source libraries and the author leverages these projects and highlights them.

The main objective of the book is to equip the reader with practical solutions to real world problems, and so this book is heavily saturated with source code examples as well as a high level description of the risks involved with any security topic, and the practical solution to prevent or mitigate it.

Even though Express is chosen as the case for web application framework, many concepts in this book can, and should be taken into account, and implemented with any other framework. Concepts like secure code, nosql injections, secure session management, and others are important security topics and would benefit any Node.js developer whose primary focus is web development.

About the Author

Liran Tal
Liran Tal

Liran Tal is the lead maintainer and core member of the MEAN.JS JavaScript framework project, as well as a top contributor to MEAN.io including many other Node.js repositories and npm packages. He is a seasoned speaker at JavaScript, Node.js, and Security conferences and meetups as well as maintaining Node.js security projects and contributor to the OWASP community projects. Liran has previously authored books on web development, and agile software engineering and technically reviewed more than a dozen others.

At the office, Liran is leading an agile R&D engineering team for HP Software’s enterprise marketplace on Drupal/PHP, Node.js, AngularJS, and Java. He plays a key role in system architecture design, shaping the technology strategy and mentoring team members to technical growth and personal empowerment.

Being an avid supporter and contributor to the open source movement, in 2007 he has redefined network RADIUS management by founding, and developing daloRADIUS, a world-recognized and industry-leading open source project (http://www.daloradius.com).

Bundles that include this book

Essential Node.js Security
Holistic InfoSec For Web Developers, Fascicle 0: Physical and People
Holistic InfoSec For Web Developers, Fascicle 1: VPS, Network, Cloud and Web Applications
Holistic InfoSec For Web Developers, Fascicle 2: Mobile and IoT
Web Developer Security Toolbox
4 Books
$78.97
Suggested Price
$35.00
Bundle Price

Reader Testimonials

David Madar
David Madar

Software Engineer, Hewlett Packard Enterprise

Excellent book. Covers the possible security issues and the right way to discover and deal with them. Written clearly with plenty of examples. A great book for those who wish to enrich their knowledge in security and for those who want to implement practical security solutions in their application.

Ran Bar Zik
Ran Bar Zik

Web Developer at AOL

An essential book for every Node.js developer out there. Many security issues can be avoided just by understanding the inherent security risks and this book covers clear description and how to tackle those issues. It is recommended not only for Node.js developers but to all JavaScript developers who want to expand their understanding of security. Security in source code should not be neglected and by reading this book every developer will do a major step towards producing more secure code.

Table of Contents

  • Foreword
  • About The Author
    • Liran Tal
  • About The Reviewers
    • Danny Grander
    • Tim Kadlec
    • Cody B. Daig
    • Zach Sosana
  • About The Book
    • Requirements
    • Source Code
  • HTTP Headers Security
    • Security Headers Caveats
    • Node.js Packages for HTTP Security Headers
    • Strict Transport Security
    • X-Frame-Options
    • Content-Security-Policy
    • Other HTTP headers
    • Summary
  • Secure Session Management
    • Session Security Risks
    • Session Security in Node.js and ExpressJS
    • Summary
  • Hardening ExpressJS
    • Security Through Obscurity
    • Brute-Force Protection
    • Advanced Functionality Limiting
    • body-parser middleware
    • Summary
  • Cross-Site Request Forgery (CSRF)
    • The Risk
    • The Solution
    • Summary
  • Cross-Site Scripting (XSS)
    • The Risk
    • The Solution
    • Summary
  • Secure Code Guidelines
    • Node.js Releases and APIs
    • Input Validation
    • Output Encoding
    • Regular Expressions
    • Strict Mode and Eval
    • Cryptographic Practices
    • User Process Privileges
    • Summary
  • Injection Flaws
    • NoSQL Injections
    • NoSQL SSJS Injections
    • Blind NoSQL Injections
    • OS Command Injection
    • Summary
  • Secure Dependency Management
    • Evaluating Dependencies
    • Dependency Tracking
    • NPM Shrinkwrap
    • Yarn as npm Package Management
    • Summary
  • Notes

Causes Supported

Open Sourcing Mental Illness, Ltd

Changing how we talk about mental health in the tech community.
https://osmihelp.org

Changing how we talk about mental health in the tech community.

Open Sourcing Mental Illness is a non-profit, 501c3 corporation dedicated to raising awareness, educating, and providing resources to support mental wellness in the tech and open source communities. OSMI began in 2013 as a speaking campaign by Ed Finkler. Ed started speaking at tech conferences about his personal experiences as a web developer and open source advocate with a mental health disorder. The response was overwhelming, and Ed has continued to speak, gather data, and organize efforts to change experiences of those with mental health disorders in the tech workplace. This includes speaking at conferences and companies, conducting research, and creating documentation to assist companies in making supportive environments for those impacted by mental health disorders. He is assisted in these efforts by selfless volunteers who bring their time and expertise to bear on this important issue.

Authors have earned$9,530,340writing, publishing and selling on Leanpub,
earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.

Learn more about writing on Leanpub

The Leanpub 45-day 100% Happiness Guarantee

Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses! Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks. Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. It really is that easy.

Learn more about writing on Leanpub

Leanpub is copyright © 2010-2020 Ruboss Technology Corp. All rights reserved.