Web Security

Delivering Secure Services


One may want to release an application as soon as possible so that it can be used by people all over the world. However, if the application was released without enough security measures, issues relating to business continuity may arise. Examples of some of these issues are your information could be destroyed or stolen due to data leakage or system intrusion. At the same time, malware and backdoors could be installed, leading it to be used as a stepping stone to launch attacks on other systems, which can make customers lose trust in the business.

Defects in security that can lead to the above issues are known as vulnerabilities or security bugs.

Some of the common types of attacks on applications are SQL injection and directory traversal. By having a good grasp on where the vulnerabilities lie and developing with considerations on safety, we can minimize the risk associated when publishing an application.

On top of that, we also have to consider not just possible vulnerabilities and risks associated with the application, but vulnerabilities related to servers and networks as well. We can minimize potential risks from unintended access if we regularly update the server's software and OS, or maintain good operational practices in managing server accounts. On the other hand, we can minimize risks on the network side by encrypting communicated data or implement a firewall in the system.

Web Security

Learning Objectives

Web security is an important responsibility of the developer to ensure that users can continue using the application with peace of mind.

If an application was published without proper security measures, there will be risks of data leaks that can lead to potential harm for the users. In a case like this, there will be a loss of trust and users most likely will not be able to use the application with any confidence.

In order to create a safe and trustworthy application for users, we will need to learn about web security.

Learn from Here

From here, we will learn about security on Express.js and the best practices for improving security on applications made with Express.js. Learn and bring into focus the big picture on security while being hands-on.

  • Incorporating Best Practices on Security in Express.js

    Use a Suitable Version of Express.js

    Secure Connection and Data with Transport Layer Security (TLS)

    Use the Helmet Middleware

    Secure Cookies

    Prevent Brute-Force Attacks

    Manage Dependencies

Recommended Materials

  1. Website security - Learn web development | MDN

  2. Security Best Practices for Express in Production

    Read and learn about security best practices in Express.js using the reference linked here.

    Security Best Practices for Express in Production


Share what you learn today!