password

passwordHash

Working_SNA_Docker.tar.gz

psql

psql-copy

run_spa

run_spa_node

run_spa_hash

compose

compose-copy

compose-copy-copy

run_spa-copy

app-demo-psql

This course is your guide for securing Node.js applications. You'll start by properly sanitizing user input and output, and then move on to some fundamental protocols, such as HTTPS and SHA. Passwords and encryption will be discussed next. More specifically, you will learn about different hashing algorithms and protecting your application from brute force attacks.

Following that, you'll explore concepts like authentication, access control, and obfuscation. You will also learn about XSS, CSRF, and other popular hacks near the end of the course.

By the end of this course, you will know how to secure a Node.js application, an in-demand skill to put on your resume!

A Guide to Securing Node.js Applications

## Routes
You will usually use some type of abstracted access control layer on top of your regular controllers/routes/etc.  This layer should map your routes to the access level required to view that route.  For example, `/user/*` might only be accessible to users in the "admin" group, as implemented in the previous lesson.  `POST` and `PUT` requests might only be accessible to "editors." `DELETE` requests should only be accessible by “admins.” We can accomplish this in Express by building on the examples in the [previous](https://www.educative.io/courses/securing-nodejs-apps/access-control) lesson. Add additional middleware to check the user’s credentials against other groups:

# Routes
You will usually use some type of abstracted access control layer on top of your regular controllers/routes/etc.  This layer should map your routes to the access level required to view that route.  For example, `/user/*` might only be accessible to users in the "admin" group, as implemented in the previous lesson.  `POST` and `PUT` requests might only be accessible to "editors." `DELETE` requests should only be accessible by “admins.” We can accomplish this in Express by building on the examples in the [previous](https://www.educative.io/courses/securing-nodejs-apps/access-control) lesson. Add additional middleware to check the user’s credentials against other groups:

Learn how to protect your routes and redirects.

Introduction

Never Trust Your Users. Sanitize ALL Input!

HTTPS and Other Random Letters

Password Encryption and Storage for Everyone

Authentication, Access Control, and Safe File Handling

Safe Defaults, Cross Site Scripting, and Other Popular Hacks

Routes and Redirects

Routes