With billions of people using the Internet, the chance that nefarious or outright criminal users will hit your site is very high. With attacks such as MITM, CSRF, script injection, and clickjacking, to name a few, it is imperative that we as developers understand these exploits: how they work, how they can be stopped, and how to implement the code or setup that stops them. As developers, we tend to focus on the core of what our application does. Unfortunately, security tends to be overlooked or, at best, treated as an afterthought.
In this talk we will cover best practices for securing your web applications. The focus will be on Express web applications in Node, but the principles shown can be applied to any framework or environment.
Some, but not all, of the topics we will cover are: securing your web traffic, proper cookie handling, preventing CSRF, stopping script injection, sanitizing data on input and output, handling sensitive data, implementing CSP, HSTS and X-Frame-Options, preventing vulnerabilities in Node modules, and more.
At the end, you will leave with a diverse understanding of how best to secure your application from most of the attacks that can occur.