Node.js: Security
1h 2mIntermediate2025-01-14
Authors

Emmanuel Henri
Executive with 20+ years of experience in programming and design
Course details
In this comprehensive course, experienced full-stack developer Emmanuel Henri shows you how to secure your Node.js web applications as you discover common vulnerabilities, use essential security tools, and implement strategies to protect your data and users. Explore common threats such as broken access control, cryptographic failures, and injection vulnerabilities, and how to mitigate these risks with robust mechanisms. Find out how to leverage resources like OWASP for security information and use essential tools for added protection. Learn how to validate and sanitize user data, manage dependencies with tools like Snyk, and encrypt communications with Node.js packages like Crypto. Go over HTTPS, secure cookie attributes, and Cross-Site Request Forgery (CSRF) protection. By the end of the course, you will be able to identify vulnerabilities, implement security best practices, and use various tools to ensure your Node.js applications are secure.
Skills covered
Application SecurityNode.jsJavaScript FrameworksBack-End Web DevelopmentWeb Development ToolsCybersecurityWeb DevelopmentOpen SourceOne-Off
Concepts
0. Introduction
- 01 - Securing your Node.js projects
- 02 - What you should know
1. Security Overview
- 03 - Introduction to OWASP and other sources
- 04 - OWASP Top 10 in Node.js
- 05 - Overview of broken access control
- 06 - Overview of cryptographic failures
- 07 - Overview of injections
2. Best Practices - Packages
- 08 - Hands-on base template overview
- 09 - Maintain package dependencies
- 10 - Add 2-factor and read-only tokens with NPM
3. Best Practices - Data
- 11 - Data handling with type and validation
- 12 - Use prepared statements for SQL and NoSQL
- 13 - Set proper HTTP headers with Helmet
- 14 - Encrypt user data and session management
4. Best Practices - Server Level
- 15 - Use secure HTTPS protocol
- 16 - Rate limiting against DoS attacks
- 17 - Use a library to prevent CSRF attacks
- 18 - Use cookie attributes
5. Tools for Testing
- 19 - Introduction to OWASP dependency check
- 20 - Find vulnerabilities with Snyk
- 21 - Penetration testing with Burp Suite
Conclusion
- 22 - Next steps
Related courses
- Node.js: Security (2018)
- Node.js: Securing RESTful APIs
- Building APIs with LoopBack
- Building Angular and Node Apps with Authentication
- Express Essentials: Build Powerful Web Apps with Node.js
- Web Security: OAuth and OpenID Connect (2019)
- Nest.js Developer Lab 2026: Build a Robust API with Authentication, Articles, and User Profiles
- Learning Redis