Node.js Security

PT22127
Training Summary
Node.js is a fast-growing platform for building server applications using JavaScript. Now that it is being more widely used in production settings, Node applications will start to be specifically targeted for security vulnerabilities. Protecting your users will require an understanding of attack vectors unique to Node, as well as those shared with other web applications. To secure Node.js applications, we’ll start by helping you delve into the building blocks that make up typical Node applications. By understanding all the layers that you are building on top of, you can write code defensively and securely. In doing so, you will be able to protect your users' data and your infrastructure, while still using the rock-star technology behind Node.js.
You will learn how to secure your Node applications by studying each of the layers you will be building on top of: JavaScript itself, then the Node platform, and finally the npm module ecosystem. By starting with JavaScript, you will learn what to avoid and what to embrace. Next, we will explain the Node platform, including its unique architecture and core modules, so you know how things work under the hood. Finally, we will introduce the rich ecosystem of npm modules, including modules to help you solve the common security problems you might face. Through hands-on tutorials, you will be able to write secure Node.js applications, ones that will remain online under pressure and be able to weather the most common attacks that face web applications today.
  • Examine security features and vulnerabilities within JavaScript
  • Explore the Node platform, including the event-loop and core modules
  • Solve common security problems with available npm modules
Prerequisites
  • You should have a basic understanding of client-server architecture and how communication is accomplished across the network. This will be needed to understand the security concepts and defense techniques used in the course.
  • We'll be using JavaScript, Node.js with Express, and Angular in the sample application. It will be helpful if you have some familiarity with these technologies; however, the security concepts do not require specific knowledge of these technologies and can be applied to any other technology stack as well.
Duration
5 Days/Lecture & Lab
Audience
This course is mainly designed for Web developers, but it can be useful for all developers who are interested in Web security.
Course Topics
  • Introduction to Node.js
  • General Considerations
  • Application Considerations
  • Request Layer Considerations
  • Response Layer Vulnerabilities
