Free Sample
+ Collection

Node Security

Dominic Barnes

For an in-depth understanding of how you can secure your Node.js applications, this is the ideal book. By learning to write code defensively and adopting security techniques you will be able to withstand common web attacks.
RRP $17.99
RRP $29.99
Print + eBook

Want this title & more?

$12.99 p/month

Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

Book Details

ISBN 139781783281497
Paperback94 pages

About This Book

  • Examine security features and vulnerabilities within JavaScript
  • Explore the Node platform, including the event-loop and core modules
  • Solve common security problems with available npm modules

Who This Book Is For

If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

Table of Contents

Chapter 1: Introduction to Node.js
History of Node.js
How Node.js differs?
Securing Node.js applications
Chapter 2: General Considerations
JavaScript security
ES5 features
Static program analysis
Considerations for Node.js
npm modules (third-party code)
Chapter 3: Application Considerations
Introduction to Express
Security logging
Error handling
Chapter 4: Request Layer Considerations
Limiting the request size
Monitoring the event loop's responsiveness
Cross-site Request Forgery
Input validation
Chapter 5: Response Layer Vulnerabilities
Cross-site Scripting (XSS)
Denial of Service
Security-related HTTP headers

What You Will Learn

  • Master the origins of the Node.js and npm projects
  • Understand the architecture, including the event-loop and asynchronous I/O
  • Delve into the key aspects of avoiding some common pitfalls of JavaScript development
  • Incorporate ES5's security improvements, including strict-mode
  • Add static code analysis and the code-quality it promotes
  • Explore the basics of proper error-handling within Node applications
  • Understand the architecture of Express and Connect
  • Adapt common authentication and authorization schemes

In Detail

Node.js is a fast-growing platform for building server applications using JavaScript. Now that it is being more widely used in production settings, Node applications will start to be specifically targeted for security vulnerabilities. Protecting your users will require an understanding of attack vectors unique to Node, as well as shared with other web applications.

To secure Node.js applications, we’ll start by helping you delve into the building blocks that make up typical Node applications. By understanding all the layers that you are building on top of, you can write code defensively and securely. In doing so, you will be able to protect your user's data and your infrastructure, while still using the rock-star technology behind Node.js.

Teaching you how to secure your Node applications by learning about each of the layers you will be building on top of; starting with JavaScript itself, then the Node platform, and finally the npm module ecosystem. By starting with JavaScript, you will learn what to avoid and what to embrace. Next, we will explain the Node platform, including its unique architecture and core modules, so you know how things work under the hood. Finally, we will introduce the rich ecosystem of npm modules, including modules to help you solve the common security problems you might face. Through our handy tutorials, you will be able to write secure Node.js applications, ones that will remain online under pressure and be able to weather the most common attacks that face web applications today.


Read More