Explore some of the resources available for learning about the latest security threats and how to mitigate them.
- [Instructor] To follow best practices with Node.js, there are several resources to help you determine if your application is unsecured and what potential threats lurk. I will explore the most important ones in this course. But if you learn one thing in this course, it's to always go to OWASP first, which is a great resource for threat and cyber security information. It is called the Open Web Application Security Project, or OWASP, and includes a big community and many resources available to you. So let's explore this amazing resource.
So first, if you're completely new to security in OWASP, head to the social media area and join the Facebook group. So you can find it on the right side here, and then you can scroll all the way down to the social areas here. And there are many social networks where you can actually follow OWASP. Then if you want to get more information on any kind of attacks by name, go to the reference area on the left here. So you can go right here in the Attacks section, and then scroll and find the actual attacks.
So, for example, if we wanna take a look at HTTP Response Splitting, you have this here. Server-Side Injection, you have the information here, so if you wanna click on that one, you can find more information about what the attack is, what the risk factors are, and some examples of code. Now let's go back to the main page, and if you'd like to get actual solutions or code snippets on several security threats, head to the Code Snippets area. So, this is right below the Attacks here. So you can click on Code Snippets, and then go again by category.
So Memory leak, you can click on that. And then get some examples of code. So let's go back again to the main page. Next, I suggest you visit also the Vulnerability section to read on potential areas where your application might be vulnerable to threats. So you can scroll again to the left, in the reference area, and then find the Vulnerabilities here. And then again it goes by sub-categories. You can find whatever is the area that you want to get more information on, and then click on it.
And finally, visit the Node.js Goat Project, specifically for this course. So let's go back to the main page. And then do a search under node. Then it's the second link here: OWASP Node.js Goat Project. This is a project focused on securing Node.js, specifically, and it's constantly updated with the latest information on threats and how you can improve your application against those threats. So this site is full of resources to get you started and help you in your research.
So make sure to subscribe to their mailing list to get the latest information on security threats. Let's move on.
- OWASP resources and security threats
- Cross-site scripting and denial of service attacks
- Managing packages in a Node.js app
- Adding two-factor and read-only tokens with npm
- Using prepared statements for SQL/NoSQL
- Encrypting user data and session management
- Adding HTTPS protocol to an application
- Using cookie attributes
- Tools for testing