Getting Started with Node.js Security with Express and Angular

Pluralsight

Course Summary

This course will teach you how to apply common security mitigation techniques to a web application built with Angular, Express.js, and Node.js.

+
Course Description

Node.js is a server-side JavaScript platform that's rapidly being adopted by many individuals and large companies. This course, Getting Started with Node.js Security with Express and Angular, shows you how to apply secure application development practices to Node.js with Express and Angular by learning some of the security risks that are of concern in this area. You'll see the execution of exploits associated with these risks and follow through with the implementation steps for mitigating each one. First, you'll learn about protecting data from extraction, as well as how to mitigate this risk. Next, you'll learn about how to ensure legitimacy of requests. Finally, you'll learn about blocking content-hijacking and what you can do to prevent it in the first place. By the end of this course, you'll have learned about many of the risks, vulnerabilities, and mitigation techniques, why they are so important, and you'll be more equipped to use secure application development practices.

Course Description

Node.js is a server-side JavaScript platform that's rapidly being adopted by many individuals and large companies. This course, Getting Started with Node.js Security with Express and Angular, shows you how to apply secure application development practices to Node.js with Express and Angular by learning some of the security risks that are of concern in this area. You'll see the execution of exploits associated with these risks and follow through with the implementation steps for mitigating each one. First, you'll learn about protecting data from extraction, as well as how to mitigate this risk. Next, you'll learn about how to ensure legitimacy of requests. Finally, you'll learn about blocking content-hijacking and what you can do to prevent it in the first place. By the end of this course, you'll have learned about many of the risks, vulnerabilities, and mitigation techniques, why they are so important, and you'll be more equipped to use secure application development practices.

+
Course Syllabus

Course Introduction
- 9m 3s

—Introduction 0m 44s
—Application Security & Risk 1m 22s
—The Role of Application Developers in Security 1m 35s
—Prerequisites 0m 56s
—The Vulnerable & Attacker Sample Applications 1m 42s
—Running & Exploring the Vulnerable Application 2m 9s
—Course Overview 0m 31s

Protecting Data from Extraction
- 26m 13s

—Introduction 0m 56s
—Attack Reconnaissance 1m 30s
—Attack Execution 2m 5s
—Cross-site Scripting 0m 35s
—Attack Prevention 1m 11s
—Prevention with Input Handling 1m 8s
—Input Handling Examples 1m 58s
—Prevention with a Content Security Policy 1m 29s
—Correcting in-line Styles 0m 33s
—Correcting in-line Scripts 0m 42s
—Content Security Policy Example 1m 9s
—Content Security Policy Browser Support 0m 46s
—Defense with Input Handling in Angular 2m 38s
—Defense with Input Handling in Node.js 3m 20s
—Defense with a Content Security Policy 4m 25s
—Content Security Policy in Action 1m 13s
—Summary 0m 28s

Hide Network Traffic from Snooping
- 12m 55s

—Introduction 1m 4s
—Attack Reconnaissance & Execution 2m 19s
—Man in the Middle 0m 42s
—Client/Server Overview 0m 27s
—Attacker Positioning 1m 3s
—Prevention with Transport Layer Security 0m 26s
—Transport Layer Security 0m 37s
—Generating a Self-signed Certificate 1m 58s
—Implementing HTTPS with a Certificate 2m 20s
—Defense with Transport Layer Security in Place 1m 33s
—Summary 0m 20s

Ensure Legitimacy of Requests
- 23m 20s

—Introduction 0m 54s
—Attack Reconnaissance 2m 9s
—Attack Setup 2m 13s
—Attack Execution 1m 39s
—Cross-site Request Forgery 0m 30s
—Attack Prevention 0m 54s
—Importance of Cross-site Scripting Mitigation 0m 23s
—Prevention with HTTP Header Checks 0m 31s
—Origin and Referer Header Example 1m 20s
—Prevention with the Synchronizer Token Pattern 0m 31s
—Synchronizer Token Pattern Example 1m 22s
—Implementation of HTTP Origin and Referer Header Checks 3m 15s
—Defense with HTTP Origin and Referer Header Checks 2m 3s
—Defense with the Synchronizer Token Pattern 4m 51s
—Summary 0m 39s

Block Content Hijacking
- 15m 13s

—Introduction 0m 46s
—Attack Reconnaissance & Setup 2m 5s
—Attack Execution 1m 4s
—Clickjacking 0m 31s
—Attack Prevention 0m 26s
—Prevention with HTTP Headers 1m 44s
—Browser Support 0m 58s
—Prevention Through Denying Framing 2m 45s
—Prevention Through Limiting Framing from the Same Origin 1m 53s
—Prevention Through Limiting Framing to Specific Origins 2m 6s
—Summary 0m 49s

Summary
- 6m 58s

—High-level Topic Review 0m 29s
—Recap of Cross-site Scripting 1m 40s
—Recap of Man in the Middle 0m 59s
—Recap of Cross-site Request Forgery 1m 7s
—Recap of Clickjacking 1m 4s
—Resources & Conclusion 1m 36s

Course Fee:

USD 29

Course Type:	Self-Study
Course Status:	Active
Workload:	1 - 4 hours / week

This course is listed under Development & Implementations , Networks & IT Infrastructure , IT Security & Architecture and Digital Media & Games Community

Attended this course? Write a Review

Course Fee:

USD 29

Course Type:	Self-Study
Course Status:	Active
Workload:	1 - 4 hours / week

IT Career Development Platform

Getting Started with Node.js Security with Express and Angular

Pluralsight

Course Summary

Course Description

Course Description

Course Syllabus

Course Type:

Course Status:

Workload:

Node dot JS (Node.js)

Security policy

iFrame overlay (Clickjacking)

Web application (Web app)

Transport Layer Security (TLS)

JavaScript

Express.JS

Cross-Site Scripting (XSS)

Application Security

Attended this course? Write a Review

Course Type:

Course Status:

Workload: