you want to understand security in Node.js better,
you want to migrate to Node.js,
you want hands-on experience in secure servers with Node.js.
You will get a lot more out of this course if:
You have a basic understanding of Node.js.
You have or want to build an app using Express or Koa.
The exact location of the venue in Lisbon will be announced later.
Injection attacks are among the most common attack vectors. They include SQL Injections, Cross Site Scripting (XSS) or trusted third-party sites. In this section, you will learn what these attacks are and how you can defend your applications against them.
Learn how you can properly authenticate users, how to handle cookies, how to store passwords and sessions.
3. Cross Site Request Forgery
In this section, we will go through what CSRF is and how attackers might try to exploit it. You will learn how to defend your applications against it.
4. Insecure Dependencies
npm has hundreds of thousands of modules. Sometimes, with an ecosystem this big, security vulnerabilities will be introduced to certain modules. You will learn how you can monitor your dependencies.
5. Default Configurations
Default configurations are sometimes not security-minded. They focus on ease of use and therefore often leave doors open for attackers. We will take a look at how you can secure your deployments with better configurations.
It is crucial to have a detailed audit log of what happens in your systems. With its help, you can investigate issues. However, logging has its own dangers as well, so you need to learn how to be security-minded when developing Node applications.
7. The Human Factor
95% of security problems are the result of some human error, like sending passwords in emails or sharing the same user account among multiple actual users. In this part, we will go through some actionable items to make your company more secure.