This is an extended version of the talk I gave at Web European Conference in Milan. It covers basic web application security threats and simple tweaks to our applications that help deal with them.
Node.js Authentication and Data Security
1. Tim Messerschmidt
Head of Developer Relations, International
Braintree
@Braintree_Dev / @SeraAndroid
#HTML5DevConf
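48.
var express = require('express');
var helmet = require('helmet');
var app = express();
app.use(helmet.noCache());    // tell clients not to cache responses
app.use(helmet.frameguard()); // set X-Frame-Options against clickjacking
app.use(helmet.xssFilter());  // set X-XSS-Protection
// …
// .. or use the default initialization
app.use(helmet());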
Using Helmet with default options
55.
var authenticate = function(req, res, next) {
  // check the request and modify response;
  // call next() to continue, or end the response to reject the request
};
app.get('/form', authenticate, function(req, res) {
  // assume that the user is authenticated
});
// … or use the middleware for certain routes
app.use('/admin', authenticate);
Writing Custom Middleware
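A filled-in version of the middleware skeleton above, as an added example that is not taken from the talk's slides. The token format, the `SECRET` value and the helpers `issueToken`, `verifyToken` and `runMiddleware` are assumptions made for illustration; `runMiddleware` stands in for Express so the block runs without a server.

```javascript
const crypto = require('crypto');
// Assumption: constructed demo secret; a real app loads it from configuration.
const SECRET = 'constructed-demo-secret';
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Hypothetical helper: token is "user.expiryMs.hexMac" (user must not contain '.').
function issueToken(user, ttlMs, now = Date.now()) {
  const payload = `${user}.${now + ttlMs}`;
  return `${payload}.${hmac(payload).toString('hex')}`;
}

// Returns the user name for a valid, unexpired token, otherwise null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [user, expiry, mac] = parts;
  const expected = hmac(`${user}.${expiry}`);
  const given = Buffer.from(mac, 'hex');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(expiry) || Number(expiry) <= now) return null;
  return user;
}

// Express-style middleware: check the request, modify the response on failure.
function authenticate(req, res, next) {
  const match = /^Bearer (.+)$/.exec((req.headers || {}).authorization || '');
  const user = match ? verifyToken(match[1]) : null;
  if (!user) {
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Bearer');
    return res.end('Unauthorized');
  }
  req.user = user; // later handlers may assume an authenticated user
  return next();
}

// Stand-in for Express's req/res so the block runs without a server.
function runMiddleware(headers) {
  const out = { status: 200, headers: {}, nextCalled: false, user: null };
  const res = {
    set statusCode(v) { out.status = v; },
    setHeader(k, v) { out.headers[k] = v; },
    end() {},
  };
  const req = { headers };
  authenticate(req, res, () => { out.nextCalled = true; out.user = req.user; });
  return out;
}
```

In an Express app the same `authenticate` function is passed to `app.get('/form', authenticate, ...)` or `app.use('/admin', authenticate)` exactly as on the slide.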
67.
Favor security too much over the experience and you’ll make the website a pain to use.
smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form