Chapter 10. Security

This chapter covers

  • Keeping your Express code bug-free, using tools and testing
  • Dealing with attacks; knowing how they work and how to prevent them
  • Handling the inevitable server crash
  • Auditing your third-party code

In chapter 8, I told you that I had three favorite chapters. The first was chapter 3, where I discussed the foundations of Express in an attempt to give you a solid understanding of the framework. The second favorite was chapter 8, where your applications used databases to become more real. Welcome to my final favorite: the chapter about security.

I probably don’t have to tell you that computer security is important, and it’s becoming more so by the day. You’ve surely seen news headlines about data breaches, cyberwarfare, and hacktivism. As our world moves more and more into the digital sphere, our digital security becomes more and more important.

Keeping your Express applications secure should (hopefully) be important—who wants to be hacked? In this chapter, we’ll discuss ways your applications could be subverted and how to defend yourself.

This chapter doesn’t have as much of a singular flow as the others. You’ll find yourself exploring a topic and then jumping to another, and although there may be some similarities, most of these attacks are relatively disparate.

10.1. The security mindset

Famous security technologist Bruce Schneier describes something that he calls the security mindset:

10.2. Keeping your code as bug-free as possible

10.3. Protecting your users

10.4. Keeping your dependencies safe

10.5. Handling server crashes

10.6. Various little tricks

10.7. Summary