Wrapping Up

In this chapter we studied CSRF, and you learned how this attack can be used to target your website. It’s a dangerous attack vector because the attacker can use a different website or social engineering to perform various functions on your site. We also covered token- and header-based defenses, which can be very effective. But you saw how these methods turn out to be useless if you don’t address XSS issues first.

We’ve looked at a lot of ways you can secure your code. In the next chapter, we’ll look at how you can also secure your data and your clients’ data.
