Read the agenda for the Node.js Securitiy training below.
This course is for you, if
- you use Node.js in your organization,
- you want to understand security in Node.js better,
- you want to migrate to Node.js,
- you want hands-on experience in secure servers with Node.js.
This training goes to
- Vienna (September 28-29)
- Dublin (October 5-6)
- Amsterdam (October 12-13)
- Paris (October 19-20)
- Barcelona (October 26-27)
- Berlin (November 9-10)
- Zurich (November 16-17)
- London (November 23-24)
- Lisbon (November 30 - December 1)
These are 2-day-long trainings. (Start: 10:00AM; Finish: 5:00PM.)
Injection attacks are among the most common attack vectors - they include SQL Injections, Cross Site Scripting (XSS) or trusted third-party sites. In this section, you will learn what these attacks are, and how you can defend your applications against them.
Learn how you can properly authenticate users, how to handle cookies, how to store passwords and sessions.
3. Cross Site Request Forgery
In this section, we will go through what CSRF is, and how attackers might try to exploit it. You will learn how to defend your applications against them.
4. Insecure Dependencies
npm has hundreds of thousands of modules. Sometimes, with an ecosystem this big, security vulnerabilities will be introduced to certain modules. You will learn how you can monitor your dependencies.
5. Default Configurations
Default configurations are sometimes not security-minded. They focus on the ease of use, therefore often leaving doors open for attackers. We will take a look at how you can secure your deployments with better configurations.
It is crucial to have a detailed audit log of what happens in your systems. With the help of them, you can investigate issues. However, logging has its danger sources as well, so you need to learn how to be security-minded when developing Node applications.
7. The Human Factor
95% of security problems are the result of some human error, like sending passwords in emails or using the same user for multiple actual users. In this part, we will go through some actionable items to make your company more secure.
You will get a lot more out of this course if:
- You have a basic understanding of Node.js.
- You have or want to build an app using Express or Koa.
About the instructor
Gergely is one of the founders of RisingStack, and a long-time Node.js user. He is very keen on security, so he will hold most of the Securing Web Applications classes.
Gergely wrote a number of articles on Node.js security and spoke at conferences:
You can find Gergely on Twitter under @nthgergo.