This course provides essential practical knowledge to build secure and resilient Node.js applications. It starts with a brief primer on Node.js fundamentals and related idiosyncrasies, then moves into exploiting and fixing the most common web application vulnerabilities, identified as the OWASP Top 10 risks, and beyond.
Topics covered include:
- Node.js fundamentals
- Security implications of JavaScript language constructs and Node.js-specific idiosyncrasies
- Client-side attacks and mitigations
- Building secure REST and GraphQL APIs
- Building Authentication with JSON Web Tokens (JWT)
- Securing data in transit and at rest
- Eliminating Security Misconfiguration pitfalls
- Common sources of Denial of Service attacks and mitigations
- Securing against Components with known vulnerabilities
- Logging & Monitoring
- Preparing for the Production Environment
- Security considerations for the Cloud and Serverless environment
During the course, participants will also gain valuable insights from the security mistakes frequently found in known Node package vulnerabilities.
This course includes a balanced combination of essential theory and hands-on lab exercises. With the practical knowledge gained during the class, participants can introduce a security culture into their teams and immediately improve the security posture of the Node applications they ship.