Pages: 230
Published: January 2016
ISBN: 9781680500851
In Print
Cyber-criminals have your web applications in their crosshairs. They search for and exploit common security mistakes in your web application to steal user data. Learn how you can secure your Node.js applications, database and web server to avoid these security holes. Discover the primary attack vectors against web applications, and implement security best practices and effective countermeasures. Coding securely will make you a stronger web developer and analyst, and you’ll protect your users.
PDF for desktop/tablets
epub for Apple Books, e-readers
mobi for Kindle readers
Get all eBook formats here for $26.95 (USD)
Bake security into your code from the start. See how to protect your Node.js applications at every point in the software development life cycle, from setting up the application environment to configuring the database and adding new functionality. You’ll follow application security best practices and analyze common coding errors in applications as you work through the real-world scenarios in this book.
Protect your database calls from database injection attacks and learn how to securely handle user authentication within your application. Configure your servers securely and build in proper access controls to protect both the web application and all the users using the service. Defend your application from denial of service attacks. Understand how malicious actors target coding flaws and lapses in programming logic to break in to web applications to steal information and disrupt operations. Work through examples illustrating security methods in Node.js. Learn defenses to protect user data flowing in and out of the application.
By the end of the book, you’ll understand the world of web application security, how to avoid building web applications that attackers consider an easy target, and how to increase your value as a programmer.
by Karl Düüna
Secure the environment
To build a secure system, you need to start from the ground up and
invest time in securing the environment. Otherwise your code might be
secure, but attackers can still compromise your application by
exploiting weaknesses on your servers instead. Make sure you run
up-to-date software, have secure authentication mechanisms, run the
application under low privileges, and have decent logging.
Validate all input
Hacking in general means finding an unexpected use for a system by
feeding it unexpected input. The best defense is to accept as narrow
an input range as possible. It is equally important to always verify
that the input actually matches your expectations before you act on
it.
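The "narrow input range" principle in working Node.js code, as an added example that is not from the book: every accepted field is declared in an allowlist schema, unknown fields are an error rather than silently ignored, and only validated values are copied into a fresh object. The `userSchema`, the `handleSignup` handler and the sample payloads are constructed for illustration.

```javascript
// Added example (not the book's code): allowlist validation of a JSON request body.
// The schema and sample payloads below are constructed for illustration.

const userSchema = {
  username: { type: 'string', pattern: /^[a-z0-9_]{3,20}$/ },
  age:      { type: 'number', min: 13, max: 120 },
  role:     { type: 'string', enum: ['user', 'editor'] }, // clients may never request 'admin'
};

function validate(input, schema) {
  // Only plain objects are acceptable; arrays, null and primitives are rejected up front.
  if (input === null || typeof input !== 'object' || Array.isArray(input)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  // Unknown keys are an error, not dropped: this also catches keys such as
  // "__proto__" or "isAdmin" that a client has no business sending.
  for (const key of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
      errors.push(`unexpected field: ${key}`);
    }
  }
  const clean = {};
  for (const [key, rule] of Object.entries(schema)) {
    const value = input[key];
    if (value === undefined) { errors.push(`missing field: ${key}`); continue; }
    if (typeof value !== rule.type) { errors.push(`${key}: expected ${rule.type}`); continue; }
    if (rule.type === 'number' && !Number.isFinite(value)) { errors.push(`${key}: not a finite number`); continue; }
    if (rule.pattern && !rule.pattern.test(value)) { errors.push(`${key}: malformed`); continue; }
    if (rule.enum && !rule.enum.includes(value)) { errors.push(`${key}: not an allowed value`); continue; }
    if (rule.min !== undefined && value < rule.min) { errors.push(`${key}: below minimum`); continue; }
    if (rule.max !== undefined && value > rule.max) { errors.push(`${key}: above maximum`); continue; }
    clean[key] = value; // copy only validated fields into a fresh object
  }
  return errors.length ? { ok: false, errors } : { ok: true, value: clean };
}

// Typical use in an HTTP handler (hypothetical): parse, validate, refuse anything that does not match.
function handleSignup(rawBody) {
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch { return { status: 400, body: 'invalid JSON' }; }
  const result = validate(parsed, userSchema);
  if (!result.ok) return { status: 400, body: result.errors.join('; ') };
  return { status: 201, body: result.value };
}
```

Returning the cleaned copy rather than the original object matters: downstream code then never sees a field the schema did not approve, even if a later change accidentally reads the raw body.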
Secure your data
Data and databases are a critical part of most web applications and
therefore a prime target for attackers. While Node.js applications might
be more inclined towards NoSQL, the principles of data protection are
the same: always use authentication mechanisms, use varying levels of
access, separate your customers’ data as much as needed or possible, and
encrypt the important parts of the database.
Protect your clients
Clients are probably the most valuable asset of your web
application—they use the system and bring in the business. So it is
natural that you must protect them with the same vigilance. This,
alongside other defenses, means you must invest in protecting the client
side of your application, including setting up CSRF and XSS defenses,
protecting against clickjacking and unvalidated redirects.
Implement “Defense in Depth”
Cyber-defense is an asymmetrical problem: while crackers need only one
of their attacks to succeed, you need all of your defenses to hold. This
is unrealistic, which is why you should always opt for “Defense In
Depth.” Never assume that the outer defenses of your application are
impenetrable. Instead, set up layers upon layers of defensive
mechanisms. Even if the attacker manages to get through one layer, the
damage they can do is limited.
Edition: 1