Overview
One may want to release an application as soon as possible so that it can be used by people all over the world. However, if the application was released without enough security measures, issues relating to business continuity may arise. Examples of some of these issues are your information could be destroyed or stolen due to data leakage or system intrusion. At the same time, malware and backdoors could be installed, leading it to be used as a stepping stone to launch attacks on other systems, which can make customers lose trust in the business.
Defects in security that can lead to the above issues are known as vulnerabilities or security bugs.
Some of the common types of attacks on applications are SQL injection and directory traversal. By having a good grasp on where the vulnerabilities lie and developing with considerations on safety, we can minimize the risk associated when publishing an application.
On top of that, we also have to consider not just possible vulnerabilities and risks associated with the application, but vulnerabilities related to servers and networks as well. We can minimize potential risks from unintended access if we regularly update the server's software and OS, or maintain good operational practices in managing server accounts. On the other hand, we can minimize risks on the network side by encrypting communicated data or implement a firewall in the system.
Learning Objectives
Web security is an important responsibility of the developer to ensure that users can continue using the application with peace of mind.
If an application was published without proper security measures, there will be risks of data leaks that can lead to potential harm for the users. In a case like this, there will be a loss of trust and users most likely will not be able to use the application with any confidence.
In order to create a safe and trustworthy application for users, we will need to learn about web security.
Learn from Here
From here, we will learn about security on Express.js and the best practices for improving security on applications made with Express.js. Learn and bring into focus the big picture on security while being hands-on.
Incorporating Best Practices on Security in Express.js
Use a Suitable Version of Express.js
Secure Connection and Data with Transport Layer Security (TLS)
Use the Helmet Middleware
Secure Cookies
Prevent Brute-Force Attacks
Manage Dependencies
Recommended Materials
Website security - Learn web development | MDN
Learn about common attacks on web applications and how to strengthen your own from these compromises. Pick up on basic attack methods, patterns, and how to implement countermeasures.
![Website security - Learn web development | MDN]()
Website security - Learn web development | MDN
This article has explained the concept of web security and some of the more common threats against which your website should attempt to protect. Most importantly, you should understand that a web application cannot trust any data from the web browser. All user data should be sanitized before it is displayed, or used in SQL queries and file system calls.
developer.mozilla.org
Security Best Practices for Express in Production
Read and learn about security best practices in Express.js using the reference linked here.
Security Best Practices for Express in Production
expressjs.com
