Understanding the security risks that threaten a Node.js web application is crucial to its success. This course aims to provide functional mitigations to apply to your application against those vulnerabilities.
Since its creation in 2009, Node.js has seen exponential growth in its community of users and the applications they are building. With the drive towards a connected society, the need for web applications has never been greater. Yet, despite the push to connect the world as we know it, businesses of all sizes fall victim to data breaches every day. The security risks that a Node.js-based web application faces are no different than those of any other web application. This course, Securing Your Node.js Web App, will empower you with both the understanding of various web-based security risks and how to apply the proper mitigation in your Node.js web application. First, you'll learn about implementing proper authentication and session management. Next, you'll explore how to protect your MongoDB database from injection attacks and how to handle untrusted data - a key player in many of the risks you'll look at. Finally, you'll wrap up by learning how to control application and user authorization to key access areas and the benefits of serving your application over HTTPS. By the end of this course, you'll be on your way to building a significantly more secure Node.js web application.
Max McCarty is the founder and owner of the software security site LockMeDown.com and hosts the popular Lock Me Down Podcast. As a senior software engineer, Max’s focus is on software security and empowering the everyday developer with the information to write more secure software.
Course Overview

Hi everyone. My name is Max McCarty, and welcome to my course, Securing Your Node.js Application. I'm a software engineer in Pittsburgh, Pennsylvania, and host of the Lock Me Down Podcast. Since its creation in 2009, Node.js has seen exponential growth in its community of users and the applications they are building. In the drive towards a connected society, the need for web applications has never been greater. Even companies such as Wall Street Journal, eBay, GoDaddy, Microsoft, and Ancestry.com have embraced Node for various needs. Yet despite the push to connect the world as we know it, businesses of all sizes fall victim to data breaches every day. With over 5000 data breaches reported since 2005, we clearly still have a problem, which brings us to why we are here. Web application security isn't going anywhere, and it isn't getting any easier to securely host user personal and financial information. In this course, not only will we implement the code to mitigate major security threats our web application will face, but also introduce you to a number of security testing tools along the way. We'll be tackling areas such as implementing proper authentication and session management, protecting our MongoDB database from injection attacks, and how to handle untrusted data, a key player in many of the risks we'll be looking at. Also, how to control application user authorization to key access areas, and the benefits of serving our application over HTTPS. By the end of this course, you'll be on your way to building a significantly more secure Node.js web application, because someone or some company's application will be the next victim of a data breach. The question is, will it be yours? I really enjoyed building this course, and I hope you'll enjoy watching it.