Essential Node.js Security for Express Web Applications

Hands-on and abundant with source code for a practical guide to Securing Node.js web applications.

• Node.js Secure Code Guidelines

• OWASP Essential Security Risks and Countermeasures

• Express Hardening

• Node.js and npm secure dependencies management

• Understanding and securing HTTP Headers, NoSQL Injections, XSS, CSRF, Regex DoS, Sessions and more

This book is intended to be a hands-on thorough guide for securing web applications based on Node.js and the Express web application framework. Many of the concepts, tools and practices in this book are primarily based on open source libraries and the author leverages these projects and highlights them.

The main objective of the book is to equip the reader with practical solutions to real world problems, and so this book is heavily saturated with source code examples as well as a high level description of the risks involved with any security topic, and the practical solution to prevent or mitigate it. 

Even though Express is chosen as the case for web application framework, many concepts in this book can, and should be taken into account, and implemented with any other framework. Concepts like secure code, NoSQL injections, secure session management, and others are important security topics and would benefit any Node.js developer whose primary focus is web development.