password

passwordHash

Working_SNA_Docker.tar.gz

psql

psql-copy

run_spa

run_spa_node

run_spa_hash

compose

compose-copy

compose-copy-copy

run_spa-copy

app-demo-psql

This course is your guide for securing Node.js applications. You'll start by properly sanitizing user input and output, and then move on to some fundamental protocols, such as HTTPS and SHA. Passwords and encryption will be discussed next. More specifically, you will learn about different hashing algorithms and protecting your application from brute force attacks.

Following that, you'll explore concepts like authentication, access control, and obfuscation. You will also learn about XSS, CSRF, and other popular hacks near the end of the course.

By the end of this course, you will know how to secure a Node.js application, an in-demand skill to put on your resume!

A Guide to Securing Node.js Applications

## Obscurity
Have you heard the phrase: security through obscurity? It’s rarely true, but in some cases, helpful. Most applications use an ID field in each table as a primary key. This ID is then used throughout the system to access data. It is passed through URLs, forms, and APIs to denote the needed piece of data.

Sometimes, you don’t want to expose the user to the actual row ID. Maybe you are launching a new product and don’t want the user to know that they are only the 13th user. Perhaps you have public data but don’t want your site to be easily crawled by scraping bots.

In these cases, you can obfuscate the ID to something that isn’t incremental but can be translated to your ID field. Rather than doing this:
You could do:



# Obscurity
Have you heard the phrase: security through obscurity? It’s rarely true, but in some cases, helpful. Most applications use an ID field in each table as a primary key. This ID is then used throughout the system to access data. It is passed through URLs, forms, and APIs to denote the needed piece of data.

Sometimes, you don’t want to expose the user to the actual row ID. Maybe you are launching a new product and don’t want the user to know that they are only the 13th user. Perhaps you have public data but don’t want your site to be easily crawled by scraping bots.

In these cases, you can obfuscate the ID to something that isn’t incremental but can be translated to your ID field. Rather than doing this:
You could do:



Learn how to secure your app through obscurity.

Introduction

Never Trust Your Users. Sanitize ALL Input!

HTTPS and Other Random Letters

Password Encryption and Storage for Everyone

Authentication, Access Control, and Safe File Handling

Safe Defaults, Cross Site Scripting, and Other Popular Hacks

Obfuscation

Obscurity