This is an extended version of the talk I gave at Web European Conference in Milan. It covers basic web application security threats and simple tweaks to our applications that help dealing with them.
Node.js Authentication and Data Security Best Practices
1. Node.js Authentication and Data Security
Tim Messerschmidt
Head of Developer Relations, International, Braintree
@Braintree_Dev / @SeraAndroid
#HTML5DevConf
48. Using Helmet with default options

var express = require('express');
var app = express();
var helmet = require('helmet');

// enable individual protections one by one ...
app.use(helmet.noCache());
app.use(helmet.frameguard());
app.use(helmet.xssFilter());
// …
// .. or use the default initialization, which enables Helmet's default bundle
app.use(helmet());
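To show what those three calls actually put on the wire, and how to check that they were applied, here is an added example that is not from the slides and not Helmet's own code: a hand-rolled, dependency-free equivalent of frameguard, xssFilter and noCache (plus the nosniff header from Helmet's default bundle), together with an audit function you can run against any response's headers. The header values are the ones Helmet 3.x, current when this talk was given, set; note that Helmet 4 removed noCache (it now ships as the separate nocache package) and changed X-XSS-Protection to "0", since browsers have since dropped the XSS auditor that header controlled. The mockResponse and runChain helpers are constructed stand-ins for Express so the example runs offline.

```javascript
'use strict';

// Headers set by the three Helmet sub-middlewares on the slide (values as in
// Helmet 3.x; Helmet 4+ sets X-XSS-Protection to "0" and dropped noCache).
// This is an added illustration, not Helmet's own source.
const FRAMEGUARD_HEADERS = { 'X-Frame-Options': 'SAMEORIGIN' };
const XSS_FILTER_HEADERS = { 'X-XSS-Protection': '1; mode=block' };
const NO_CACHE_HEADERS = {
  'Surrogate-Control': 'no-store',
  'Cache-Control': 'no-store, no-cache, must-revalidate, proxy-revalidate',
  'Pragma': 'no-cache',
  'Expires': '0',
};
// Part of helmet()'s default bundle, not an individual call on the slide.
const NO_SNIFF_HEADERS = { 'X-Content-Type-Options': 'nosniff' };

// Build an Express-style (req, res, next) middleware that sets fixed headers.
function setHeaders(headers) {
  return function (req, res, next) {
    for (const [name, value] of Object.entries(headers)) {
      res.setHeader(name, value);
    }
    next();
  };
}

const frameguard = setHeaders(FRAMEGUARD_HEADERS);
const xssFilter = setHeaders(XSS_FILTER_HEADERS);
const noCache = setHeaders(NO_CACHE_HEADERS);
const noSniff = setHeaders(NO_SNIFF_HEADERS);

// Case-insensitive header lookup (HTTP header names are case-insensitive).
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : String(headers[key]);
}

// Audit a response's header map: report protections that are missing or set
// to a value that does not actually protect (e.g. X-Frame-Options: ALLOWALL).
function auditHeaders(headers) {
  const findings = [];
  const xfo = getHeader(headers, 'X-Frame-Options');
  if (xfo === undefined) {
    findings.push('missing X-Frame-Options (clickjacking)');
  } else if (!/^(DENY|SAMEORIGIN)$/i.test(xfo.trim())) {
    findings.push('weak X-Frame-Options: ' + xfo);
  }
  const cacheControl = getHeader(headers, 'Cache-Control');
  if (cacheControl === undefined || !/\bno-store\b/i.test(cacheControl)) {
    findings.push('missing Cache-Control: no-store (sensitive responses may be cached)');
  }
  if (getHeader(headers, 'X-Content-Type-Options') !== 'nosniff') {
    findings.push('missing X-Content-Type-Options: nosniff (MIME sniffing)');
  }
  return findings;
}

// Minimal constructed stand-in for an Express response so the chain runs offline.
function mockResponse() {
  const headers = {};
  return { headers, setHeader(name, value) { headers[name] = value; } };
}

// Run middlewares in order, the way Express does when each one calls next().
function runChain(middlewares, req, res) {
  let i = 0;
  const next = () => { if (i < middlewares.length) middlewares[i++](req, res, next); };
  next();
  return res;
}

// Audit an unprotected response, then the same response after the chain.
function demo() {
  const before = auditHeaders(mockResponse().headers);
  const res = runChain([noCache, frameguard, xssFilter, noSniff], {}, mockResponse());
  return { before, after: auditHeaders(res.headers), headers: res.headers };
}
```

In a real deployment the audit belongs in an integration test that makes a request against the running app and passes `response.headers` to auditHeaders, so a refactor that drops `app.use(helmet())` fails the build rather than going unnoticed.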
55. Writing Custom Middleware

var express = require('express');
var app = express();

var authenticate = function(req, res, next) {
  // check the request and modify the response: call next() only when the
  // user is authenticated, otherwise end the request here
  if (!req.user) {             // placeholder check; replace with the real one
    return res.sendStatus(401);
  }
  next();
};
app.get('/form', authenticate, function(req, res) {
  // assume that the user is authenticated
});
// … or use the middleware for certain routes
app.use('/admin', authenticate);
67. Favor security too much over the experience and you'll make the website a pain to use.
Source: smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form