Skip to main content
Back to blog// general

Securing NodeJS Apps: Best Practices

The following are Some of the essential(required) that I believe should be followed to secure NodeJS apps Ensure you use up to date dependencies and third-party packages Ensure your dependencies are

NK

Nicanor Korir

Author

July 7, 2020
3 min read
node.jssecuritybest practices

The following are Some of the essential(required) that I believe should be followed to secure NodeJS apps

  • Ensure you use up to date dependencies and third-party packages
  • Ensure your dependencies are secure,
Text

Remember, the security of your app is only as strong as the “weakest link” in your dependencies.

  • Use Helmet to protect your app from some well-known web vulnerabilities by setting HTTP headers appropriately.
  • Use Cookies securely

- Don't use default session cookie name

- Set-Cookie security options

  • Use TLS(Transport Layer Security) in production
  • Avoid other known vulnerabilities using tools such as synk or Node Security Project
  • Protect your apps against Cross-site request forgery(CSRF), use csurf middleware.
  • Filter/sanitize user input to prevent cross-site scripting.
  • Defend against SQL injection attacks by using parameterized queries or prepared statements. sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
  • Use safe-regex to ensure your regular expressions are not susceptible to regular expression denial of service attacks .

Source

  1. Node.js Security Checklist
  2. Express: Production Best Practices
  3. DA-14 blog: HOW TO BUILD SECURE NODE.JS APPLICATIONS

Stay in the Loop

Get occasional updates on AI engineering, robotics projects, and lessons from building startups. No spam, unsubscribe anytime.