Securing Applications in Node.js [Video]

More Information
  • Discover common attacks on web applications such as XSS and CSRF and ways to mitigate them.
  • Rate-limit your APIs to prevent abuse.
  • Build a user registration, login, and password reset flow.
  • Add two-factor authentication to let security-conscious users further protect themselves.
  • Implement passwordless authentication via magic links in emails.
  • Understand how OAuth and OpenID allow you to authenticate users via third-party services.

Everyone agrees that web application security is very important, but very few take it seriously. There have been many high-profile instances of websites having their password databases exposed to the world (e.g. Ashley Madison and Adobe). You don’t want the application you are building to be the next big security horror story. This course will get you up to speed on the key attack vectors, quickly covering issues such as cross-site scripting, CSRF, and SQL injection. It will provide you with clear, practical approaches to mitigating these problems. It will show you how to implement OAuth and two-factor authentication for the additional protection of users who need it. Further, we will delve into the critical process of adding secure, well-thought-out authentication and authorization to a Node.js application. After completing this course, you should be confident in your ability to make an application secure with Node.js and keep your data protected.

All the code and supporting files for this course are available on GitHub at

Style and Approach

This course provides step-by-step instructions along with the required implementations showcasing various security issues and ways to mitigate them. The author also highlights some practical examples wherever applicable during the course.

  • A complete guide to securing your applications in Node.js.
  • Get exposure to various practical problems and get clear solutions, while developing a foundation based on how those solutions work.
  • Work with the tools required to evaluate the security of libraries and safeguard them against common attack vectors, cross-site request forgery, and many more attacks.

Course Length 3 hours 26 minutes
ISBN 9781789136791
Date Of Publication 30 Nov 2018


Forbes Lindesay

Forbes Lindesay is an experienced JavaScript developer. The author has made substantial contributions to the Node.js open source community. The author has spent four years building web applications in the industry, first at Redgate, then at Facebook. Forbes likes the way new techniques allow us to write more complex and more reliable software faster than ever before, and wishes to contribute back to the community with his ability and experience garnered over the years.