Explore the basics of server-side injection and how it impacts Node.js.
- [Instructor] Server-side injection is the activity of injecting untrusted data into the server as part of a command or a query. With this injected code the attacker can trick the server into doing all sorts of no good. The attacker typically will use `eval`, `setTimeout`, `setInterval`, and `Function` methods to process malicious code. For example, an attacker could inject a `while(1)` conditional into an `eval` function, therefore rendering the server useless by using 100% of its resources.

Leveraging eval's weaknesses, the attacker could also insert commands to read the content of a response call to a known server and therefore be able to pull user data. To minimize server-side injections, you want to do the following: Always validate and sanitize user input, as we've mentioned many times in this course. Never use `eval`, `setTimeout`, `setInterval`, and `Function` to parse user input. Use `JSON.parse` when you need to parse user input.

Or for type conversion, use the safer parse methods, like `parseInt`, for example. Include `'use strict'` in your code.
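The contrast the instructor draws, as an added example that is not part of the course: an `eval`-based request parser beside one built on `JSON.parse` plus `parseInt`. The request body shape (`{"qty": ...}`) and the sample inputs are constructed for the demonstration.

```javascript
'use strict';
// Added example: an eval-based parser of a constructed request body next to a
// JSON.parse-based one. The body shape {"qty": ...} is an assumption.

// UNSAFE: whatever the client sends is evaluated as JavaScript on the server,
// so the input is treated as code rather than data. Kept only for contrast.
function parseOrderUnsafe(body) {
  return eval('(' + body + ')');
}

// SAFE: JSON.parse builds data only and never executes anything. Input that
// is valid JavaScript but not valid JSON (e.g. an expression) is rejected.
function parseOrderSafe(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (err) {
    return { ok: false, error: 'invalid JSON' };
  }
  // Validate shape: accept only a plain object carrying the expected field.
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'expected an object' };
  }
  // Type conversion with parseInt(…, 10) instead of eval/Function. parseInt
  // alone accepts "5abc" as 5, so the digits-only check is applied first.
  const raw = String(data.qty);
  if (!/^\d+$/.test(raw)) {
    return { ok: false, error: 'qty must be a positive integer' };
  }
  const qty = parseInt(raw, 10);
  if (qty < 1 || qty > 1000) {
    return { ok: false, error: 'qty out of range' };
  }
  return { ok: true, qty };
}

// Constructed sample bodies: the second is valid JavaScript but not JSON,
// so eval evaluates the expression while JSON.parse refuses it.
const samples = ['{"qty": "5"}', '{"qty": 1+1}', '[1,2,3]', 'not json'];

function runSamples() {
  return samples.map((body) => parseOrderSafe(body).ok);
}
```

`runSamples()` returns `[true, false, false, false]`: only the well-formed body passes the safe parser, while `parseOrderUnsafe('{"qty": 1+1}')` happily computes `2`.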