Book Image

Node.js Web Development - Fourth Edition

By : David Herron
Book Image

Node.js Web Development - Fourth Edition

By: David Herron

Overview of this book

Node.js is a server-side JavaScript platform using an event-driven, non-blocking I/O model allowing users to build fast and scalable data-intensive applications running in real time. This book gives you an excellent starting point, bringing you straight to the heart of developing web applications with Node.js. You will progress from a rudimentary knowledge of JavaScript and server-side development to being able to create, maintain, deploy and test your own Node.js application.You will understand the importance of transitioning to functions that return Promise objects, and the difference between fs, fs/promises and fs-extra. With this book you'll learn how to use the HTTP Server and Client objects, data storage with both SQL and MongoDB databases, real-time applications with Socket.IO, mobile-first theming with Bootstrap, microservice deployment with Docker, authenticating against third-party services using OAuth, and use some well known tools to beef up security of Express 4.16 applications.
Table of Contents (19 chapters)
Title Page
Dedication
Packt Upsell
Contributors
Preface
Index

Chapter 12. Security

We're coming to the end of this journey of learning Node.js. But there is one important topic left to discuss: security. 

Cybersecurity officials around the world have been clamoring for greater security on the internet. In some cases, vast botnets have been built, thanks to weak security implementation, which are weaponized to bludgeon websites or commit other mayhem. In other cases, rampant identity theft from security intrusions are a financial threat to us all. Almost every day, the news includes more revelations of cybersecurity problems.

In 2016, the US-CERT issued several warnings of vulnerabilities in Internet of Things (IoT) devices, such as security cameras or Wi-Fi routers. By exploiting vulnerabilities in the devices, attackers were able to inject attack software into these devices. The result was a slaved botnet of hundreds of thousands of IoT devices, which were deployed to send massive Distributed Denial of Service (DDOS) attacks against specific websites...