This document summarizes security best practices for Node.js applications, including using packages like Helmet to set secure HTTP headers, encrypting sessions, protecting against XSS and CSRF attacks, input validation with Express Validator, and tools for analyzing vulnerabilities like NodeJsScan. It also recommends the Node Goat project for hands-on security testing and references like the Node.js Security Checklist for additional guidance.
3. Node.js
▪ JavaScript in the backend
▪ Built on Chrome's JavaScript runtime (V8)
▪ Node.js is based on an event loop
▪ Designed to be asynchronous (non-blocking I/O)
▪ Single-threaded: application JavaScript runs on one thread
▪ There is no built-in limit on the number of concurrent requests, and any
synchronous CPU-bound work stalls that one thread for every open connection, so
Node.js is exposed to flooding (denial-of-service) attacks rather than resilient to them.
20. XSS attacks
▪ An attacker can exploit an XSS vulnerability to:
▪ Steal session cookies (session hijacking)
▪ Redirect the user to malicious sites
▪ Deface the page and manipulate content
▪ Perform Cross-Site Request Forgery (CSRF) using the victim's authenticated session