10. Application Security | Mastering Web Application Development with Express

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

Mastering Web Application Development with Express

By : Alexandru Vladutu

3.7 (3)

Mastering Web Application Development with Express

3.7 (3)

By: Alexandru Vladutu

Overview of this book

If you are a Node.js developer who wants to take your Express skills to the next level and develop high performing, reliable web applications using best practices, this book is ideal for you. The only prerequisite is knowledge of Node.js.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Free Chapter

1. Diving into Express

1. Diving into Express

The best parts of Express

Comparing Express with other frameworks

Use cases

Express into the wild

The application structure

Summary

2. Component Modularity Using Middleware

2. Component Modularity Using Middleware

Connecting middleware

The functionality of middleware

Creating configurable middleware

Environment-based loading of middleware

Express routes

Ordering of middleware

Handling errors with middleware

Mounting subapplications

Replicating the middleware system

Summary

3. Creating RESTful APIs

3. Creating RESTful APIs

An overview of REST

SmartNotes application requirements

Creating RESTful URLs of the application

Implementing the SmartNotes application

API versioning

API rate limiting

Throttling

Facilitating caching

Content negotiation

Summary

4. Leveraging the Power of Template Engines

4. Leveraging the Power of Template Engines

The different types of template engines

View helpers and application-level data

Sharing code between templates with partial views

DRY templates with layouts

Template engine consolidation with consolidate.js

View caching in production

Integrating a template engine with Express

Choosing a template engine

Summary

5. Reusable Patterns for a DRY Code Base

5. Reusable Patterns for a DRY Code Base

Creating the MovieApp sample application

Error checks and callback functions

Tiny modules for better control flow

Ensuring a single callback execution

Extending objects in a reusable way

A simple way to create custom errors

Summary

6. Error Handling

6. Error Handling

Runtime (operational) errors and human errors

Ways of delivering errors in the Node applications

Strings instead of errors as an antipattern

Improving stack traces

Handling uncaught exceptions

Logging errors

Creating a custom Express error handler

Richer errors with VError

Error handling in a practical application

Summary

7. Improving the Application's Performance

7. Improving the Application's Performance

Serving static resources with Express

Backend improvements

Summary

8. Monitoring Live Applications

8. Monitoring Live Applications

Logging

Simple tips for improving the application monitoring

Collecting metrics

Useful existing monitoring tools

Ensuring the application uptime

Summary

9. Debugging

9. Debugging

A better error-handling middleware

Using a debug flag

Debugging routes and middleware

Using the V8 debugger

Debugging memory leaks

Adding a REPL to our Express application

Removing debugging commands

Summary

10. Application Security

10. Application Security

Running Express applications on privileged ports

Cross-site request forgery protection

Cross-site scripting

HTTP security headers with Helmet

Handling file uploads

Session middleware parameters

Reauthenticating the user for sensitive operations

Summary

11. Testing and Improving Code Quality

11. Testing and Improving Code Quality

The importance of having automated tests

Testing toolbox

Creating and testing an Express file-sharing application

Running tests before committing in Git

Code coverage

Complexity analysis of our code

Code linting

Load testing

Client-side testing

Continuous Integration

Summary

Index

Index

Cross-site scripting

A Cross-site scripting (XSS) type of attack allows hackers to inject malicious client-side scripts into web applications. Once the script is injected into a trusted website, it has access to the user's sensitive information such as cookies, the content of the page, and others.

To guard our Express applications against this type of attack, we should employ the following techniques:

Validate data sent by the user (input)
Sanitize output stored on the backend, such as into a database
Enable content-security policy

Validating input

We should always try to validate data sent by the users before processing it. In some situations, we can validate it against a list of known values, but this isn't always the case.

A handy module to do validation is express-validator (https://www.npmjs.org/package/express-validator), which has all sorts of functions built in.

Sanitizing output

Validation is the first line of defense, but it's not enough. We cannot stop the user from entering quotes, for...

Visually different images

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Mastering Web Application Development with Express

Search

Your notes and bookmarks