From the course: Advanced Express
Securing an Express application
- [Narrator] Before we deploy our application to the open world, we should make sure that it fulfills basic security requirements. Express comes with a set of recommended best practices. Many deal with how secure connections are handled, but we will later use Nginx to do that for us. Before we talk about Express as such, you should make sure that the dependencies we brought in are secure. Newer versions of npm make this very easy for us. We can simply run npm audit, and it will check all installed modules for known vulnerabilities, and we see that we have 1074 packages installed right now. But this is plenty of code, and there is plenty that could go wrong. So running npm audit frequently, like for every deployment, makes sense to make sure that there are no packages installed that have known vulnerabilities that can be explored. An easy way to add some level of security to Express is using Helmet. Helmet combines a set of middlewares that deal with non-attack vectors on websites. If we…
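The per-deployment audit described in the transcript can be enforced as a pipeline gate. The sketch below is an added example, not code from the course: it evaluates a report in the layout `npm audit --json` produces on npm 7 and later, and the function name, threshold default and sample package names are assumptions made for illustration.

```javascript
// Added example: deployment gate over an `npm audit --json` report (npm 7+ layout).
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
// A severity label this script does not know is ranked as critical, so it blocks.
const rank = (severity) => SEVERITY_RANK[severity] ?? 4;

// Constructed sample report, trimmed to the fields the gate reads.
// The package names are placeholders, not real advisories.
const SAMPLE_REPORT = JSON.stringify({
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { name: 'example-parser', severity: 'high', isDirect: false, fixAvailable: true },
    'example-logger': { name: 'example-logger', severity: 'low', isDirect: true, fixAvailable: true },
    'example-template': { name: 'example-template', severity: 'critical', isDirect: true, fixAvailable: false },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 1, total: 3 } },
});

// Returns a pass/fail verdict and the findings at or above `threshold`, worst first.
function evaluateAudit(reportJson, threshold = 'high') {
  if (!(threshold in SEVERITY_RANK)) throw new Error(`unknown severity: ${threshold}`);
  let report;
  try {
    report = JSON.parse(reportJson);
  } catch (err) {
    // An unreadable report fails the gate instead of passing silently.
    return { pass: false, reason: 'unparseable audit report', blocking: [] };
  }
  const vulns = report && report.vulnerabilities;
  if (typeof vulns !== 'object' || vulns === null) {
    return { pass: false, reason: 'report has no vulnerabilities section', blocking: [] };
  }
  const blocking = Object.values(vulns)
    .filter((v) => rank(v.severity) >= SEVERITY_RANK[threshold])
    .sort((a, b) => rank(b.severity) - rank(a.severity))
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      fixAvailable: Boolean(v.fixAvailable), // npm reports a boolean or an object here
    }));
  return { pass: blocking.length === 0, reason: blocking.length ? 'blocking findings' : 'ok', blocking };
}

// Run against the constructed sample; a pipeline would pass the real report text instead.
const verdict = evaluateAudit(SAMPLE_REPORT, 'high');
console.log(verdict.pass ? 'audit gate: pass' : 'audit gate: FAIL', verdict.blocking);
```

For a plain pass/fail without the per-package listing, `npm audit --audit-level=high` sets a non-zero exit code on its own.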