In this chapter, you learn various techniques for securing your PhoneGap/Cordova app. You also learn about server-specific security precautions and Cordova-specific security precautions.
The following are important links to references on various security threats and practices concerning PhoneGap/Cordova apps:
The Cordova whitelist guide: http://cordova.apache.org/docs/en/edge/guide_appdev_whitelist_index.md.html#Whitelist%20Guide
The Cordova security guide: http://cordova.apache.org/docs/en/edge/guide_appdev_security_index.md.html#Security%20Guide
The Client-Side security best practices: http://code.tutsplus.com/articles/client-side-security-best-practices--net-35677
Open Web Application Security Project, or OWASP: https://www.owasp.org/index.php/Main_Page
The OWASP cheat sheets: https://www.owasp.org/index.php/Cheat_Sheets
The OWASP XSS prevention cheat sheet: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
The OWASP SQL injection prevention cheat sheet: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
The OWASP HTML5 security cheat sheet: https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
The HTML5 security cheat sheet: http://html5sec.org
Top overlooked security threats to Node.js web applications: http://cdn.oreillystatic.com/en/assets/1/event/106/Top%20Overlooked%20Security%20Threats%20To%20Node_js%20Web%20Applications%20Presentation%201.pdf
Seven web server HTTP headers that improve web application security for free: http://recxltd.blogspot.com/2012/03/seven-web-server-http-headers-that.html
Twitter's security best practices: https://dev.twitter.com/docs/security/best-practices
The Passport overview: http://passportjs.org/guide/
The passport authentication for Node.js applications: http://www.sitepoint.com/passport-authentication-for-nodejs-applications/
2013 Top 10 security attack vectors: https://www.owasp.org/index.php/Top_10_2013-Top_10
Getting started with Passport: http://blog.nodeknockout.com/post/66118192565/getting-started-with-passport
Attacks on WebView in the Android system: http://www.cis.syr.edu/~wedu/Research/paper/webview_acsac2011.pdf
Keig, Andrew. Advanced Express Web Application Development. First edition. Packt Publishing. November 2013. This is available at http://www.packtpub.com/advanced-express-web-application-development/book.
Clements, DM. Node Cookbook. Second edition. Packt Publishing. April 2014. This is available at http://www.packtpub.com/node-cookbook-second-edition/book.
Barnes, Dominic. Node Security. First edition. Packt Publishing. October 2013. This is available at http://www.packtpub.com/secure-your-node-applications-with-node-security/book.