Book description
Security incidents are indeed on the rise, but according to one authoritative analysis, 85% of all successful exploits focus on the top ten security vulnerabilities. In this report, author Chetan Karande—an active member of the Open Web Application Security Project (OWASP)—covers the latest OWASP Top 10 security risks as they affect Node.js web applications.
This report acts as a quick reference guide to help Node developers secure their applications against these top ten threats. Karande devotes a chapter to each risk, covering both the attack mechanics in use as well as specific measures to guard against them. With these guidelines, you’ll be able to bake in security during design, development, code reviews, and testing.
Table of contents
- Preface
- 1. Injection Attacks
- 2. Broken Authentication and Session Management
- 3. Cross-Site Scripting
- 4. Insecure Direct Object References
- 5. Security Misconfiguration
  - Attack Mechanics
  - Preventing Security Misconfiguration
    - Apply the Principle of Least Privileges
    - Disable Any Development-Specific Features and Default Users
    - Apply Security Headers on Response
    - Protect Cookies by Using the httpOnly and Secure Flags
    - Use Application Logs Effectively for Incident Detection and Response
    - Keep Versions of Node.js and npm Modules Up to Date
    - Securely Deploy the SSL/TLS
  - Conclusion
  - Additional Resources
- 6. Sensitive Data Exposure
- 7. Missing Function-Level Access Control
- 8. Cross-Site Request Forgery
- 9. Using Components with Known Vulnerabilities
- 10. Unvalidated Redirects and Forwards
Product information
- Title: Securing Node Applications
- Author(s): Chetan Karande
- Release date: May 2017
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491952412