Getting Started with Node.js 4 Security with Express and Angular
This course will teach you how to apply common security mitigation techniques to a web application built with Angular, Express.js, and Node.js.
What you'll learn
Node.js is a server-side JavaScript platform that's rapidly being adopted by many individuals and large companies. This course, Getting Started with Node.js Security with Express and Angular, shows you how to apply secure application development practices to Node.js with Express and Angular by teaching you about some of the security risks that are of concern in this area. You'll see the execution of exploits associated with these risks and follow through with the implementation steps for mitigating each one. First, you'll learn about protecting data from extraction, as well as how to mitigate this risk. Next, you'll learn about how to ensure the legitimacy of requests. Finally, you'll learn about blocking content-hijacking and what you can do to prevent it in the first place. By the end of this course, you'll have learned about many of the risks, vulnerabilities, and mitigation techniques, why they are so important, and you'll be better equipped to use secure application development practices.
Table of contents
- Version Check 0m
- Introduction 1m
- Attack Reconnaissance 2m
- Attack Execution 2m
- Cross-site Scripting 1m
- Attack Prevention 1m
- Prevention with Input Handling 1m
- Input Handling Examples 2m
- Prevention with a Content Security Policy 1m
- Correcting in-line Styles 1m
- Correcting in-line Scripts 1m
- Content Security Policy Example 1m
- Content Security Policy Browser Support 1m
- Defense with Input Handling in Angular 3m
- Defense with Input Handling in Node.js 3m
- Defense with a Content Security Policy 4m
- Content Security Policy in Action 1m
- Summary 0m
- Introduction 1m
- Attack Reconnaissance & Execution 2m
- Man in the Middle 1m
- Client/Server Overview 0m
- Attacker Positioning 1m
- Prevention with Transport Layer Security 0m
- Transport Layer Security 1m
- Generating a Self-signed Certificate 2m
- Implementing HTTPS with a Certificate 2m
- Defense with Transport Layer Security in Place 2m
- Summary 0m
- Introduction 1m
- Attack Reconnaissance 2m
- Attack Setup 2m
- Attack Execution 2m
- Cross-site Request Forgery 1m
- Attack Prevention 1m
- Importance of Cross-site Scripting Mitigation 0m
- Prevention with HTTP Header Checks 1m
- Origin and Referer Header Example 1m
- Prevention with the Synchronizer Token Pattern 1m
- Synchronizer Token Pattern Example 1m
- Implementation of HTTP Origin and Referer Header Checks 3m
- Defense with HTTP Origin and Referer Header Checks 2m
- Defense with the Synchronizer Token Pattern 5m
- Summary 1m
- Introduction 1m
- Attack Reconnaissance & Setup 2m
- Attack Execution 1m
- Clickjacking 1m
- Attack Prevention 0m
- Prevention with HTTP Headers 2m
- Browser Support 1m
- Prevention Through Denying Framing 3m
- Prevention Through Limiting Framing from the Same Origin 2m
- Prevention Through Limiting Framing to Specific Origins 2m
- Summary 1m