Node Security


Node Security
eBook: $17.99
Formats: PDF, PacktLib, ePub and Mobi formats
$15.29
save 15%!
Print + free eBook + free PacktLib access to the book: $47.98    Print cover: $29.99
$29.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Support
Sample Chapters
  • Examine security features and vulnerabilities within JavaScript
  • Explore the Node platform, including the event-loop and core modules
  • Solve common security problems with available npm modules

Book Details

Language : English
Paperback : 94 pages [ 235mm x 191mm ]
Release Date : October 2013
ISBN : 1783281499
ISBN 13 : 9781783281497
Author(s) : Dominic Barnes
Topics and Technologies : All Books, Enterprise Products and Platforms, Networking and Servers, Open Source

Table of Contents

Preface
Chapter 1: Introduction to Node.js
Chapter 2: General Considerations
Chapter 3: Application Considerations
Chapter 4: Request Layer Considerations
Chapter 5: Response Layer Vulnerabilities
Index
    • Chapter 2: General Considerations
      • JavaScript security
      • ES5 features
        • Strict mode
        • Object property descriptors
      • Static program analysis
      • Considerations for Node.js
        • Callback errors
        • EventEmitter error handling
        • Uncaught exceptions
        • Domains
        • Process monitoring
      • npm modules (third-party code)
      • Summary
      • Chapter 3: Application Considerations
        • Introduction to Express
        • Authentication
          • HTTP Basic Authentication
          • HTTP Digest Authentication
          • Introducing Passport.js
          • OpenID
          • OAuth
        • Authorization
        • Security logging
        • Error handling
        • Summary
        • Chapter 4: Request Layer Considerations
          • Limiting the request size
            • Using streams instead of buffering
          • Monitoring the event loop's responsiveness
          • Cross-site Request Forgery
          • Input validation
          • Summary
          • Chapter 5: Response Layer Vulnerabilities
            • Cross-site Scripting (XSS)
            • Denial of Service
            • Security-related HTTP headers
              • Content security policy
              • HTTP Strict Transport Security (HSTS)
              • X-Frame-Options
              • X-XSS-Protection
              • X-Content-Type-Options
              • Cache-Control
            • Summary

            Dominic Barnes

            Dominic Barnes is a web developer as a hobbyist and by profession. Since writing HTML with Microsoft Notepad back in high school, he has grown in skill through the many opportunities he has had. With experiences in ColdFusion, ASP.NET, PHP, and now Node.js, his passion is to create applications that people find useful. To him, the user experience is paramount and requires writing secure and high-performance code, no matter what platform is being used.
            Sorry, we don't have any reviews for this title yet.

            Code Downloads

            Download the code and support files for this book.


            Submit Errata

            Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.


            Errata

            - 1 submitted: last submission 12 Nov 2013

            Errata type: Typo | Page no: 9

             

            The line    If you purchased this book elsewhere, you can visit http://www.packtpub.com/supportand register to have the files e-mailed directly to you.

            should be   If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

             

            Sample chapters

            You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

            Frequently bought together

            Node Security +    Mastering Object-oriented Python =
            50% Off
            the second eBook
            Price for both: £20.45

            Buy both these recommended eBooks together and get 50% off the cheapest eBook.

            What you will learn from this book

            • Master the origins of the Node.js and npm projects
            • Understand the architecture, including the event-loop and asynchronous I/O
            • Delve into the key aspects of avoiding some common pitfalls of JavaScript development
            • Incorporate ES5's security improvements, including strict-mode
            • Add static code analysis and the code-quality it promotes
            • Explore the basics of proper error-handling within Node applications
            • Understand the architecture of Express and Connect
            • Adapt common authentication and authorization schemes

            In Detail

            Node.js is a fast-growing platform for building server applications using JavaScript. Now that it is being more widely used in production settings, Node applications will start to be specifically targeted for security vulnerabilities. Protecting your users will require an understanding of attack vectors unique to Node, as well as shared with other web applications.

            To secure Node.js applications, we’ll start by helping you delve into the building blocks that make up typical Node applications. By understanding all the layers that you are building on top of, you can write code defensively and securely. In doing so, you will be able to protect your user's data and your infrastructure, while still using the rock-star technology behind Node.js.

            Teaching you how to secure your Node applications by learning about each of the layers you will be building on top of; starting with JavaScript itself, then the Node platform, and finally the npm module ecosystem. By starting with JavaScript, you will learn what to avoid and what to embrace. Next, we will explain the Node platform, including its unique architecture and core modules, so you know how things work under the hood. Finally, we will introduce the rich ecosystem of npm modules, including modules to help you solve the common security problems you might face. Through our handy tutorials, you will be able to write secure Node.js applications, ones that will remain online under pressure and be able to weather the most common attacks that face web applications today.

            Approach

            A practical and fast-paced guide that will give you all the information you need to secure your Node applications.

            Who this book is for

            If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

            Code Download and Errata
            Packt Anytime, Anywhere
            Register Books
            Print Upgrades
            eBook Downloads
            Video Support
            Contact Us
            Awards Voting Nominations Previous Winners
            Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
            Resources
            Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software