If Nothing Else, Use a Helmet

In the previous sections we looked at deeply analyzing your application code to identify various possible attack vectors and setting up mitigation methods for them. While it is the recommended and definitely more effective way to secure your application, it is also usually a lot of work and can take a long time (depending on the size of your codebase). If you find yourself with a gun to your head and only have a minute to set up some defense, then use helmet.

helmet is an Express middleware that implements HTTP header-based defenses against several of the attack methods covered in this book. It is a collection of smaller middleware, each targeting a specific attack vector. Using helmet is simple: ...
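To make the header-based approach concrete, here is an added example (not code from the book or from the helmet project) of a minimal Express-style middleware that sets a fixed set of defensive response headers and strips the `X-Powered-By` banner; the header values are this example's own choices, not helmet's defaults, and the fake response object exists only so the middleware can be exercised offline.

```javascript
'use strict';

// Added example: the header set a browser honours without any change to the
// application code. Values are this example's choices, not helmet's defaults.
function securityHeaders() {
  return {
    // Stop browsers from MIME-sniffing a response away from its declared type.
    'X-Content-Type-Options': 'nosniff',
    // Refuse to be framed by other origins (clickjacking mitigation).
    'X-Frame-Options': 'SAMEORIGIN',
    // Use HTTPS only for this host (and subdomains) for 180 days.
    'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
    // Load scripts, styles, images etc. only from this origin; blocks injected
    // inline scripts and third-party resources by default.
    'Content-Security-Policy': "default-src 'self'",
    // Do not leak the referring URL to other sites.
    'Referrer-Policy': 'no-referrer',
  };
}

// Express middleware signature (req, res, next): set every header, drop the
// framework banner Express adds by default, then hand off to the next handler.
// In a real app: app.use(securityHeadersMiddleware) before any routes.
function securityHeadersMiddleware(req, res, next) {
  for (const [name, value] of Object.entries(securityHeaders())) {
    res.setHeader(name, value);
  }
  res.removeHeader('X-Powered-By');
  next();
}

// Constructed stand-in for an Express response so the middleware can be run
// without a server; only the two methods the middleware calls are implemented.
function runOnFakeResponse() {
  const headers = { 'X-Powered-By': 'Express' }; // what Express sets by default
  const res = {
    setHeader: (name, value) => { headers[name] = value; },
    removeHeader: (name) => { delete headers[name]; },
  };
  let nextCalled = false;
  securityHeadersMiddleware({}, res, () => { nextCalled = true; });
  return { headers, nextCalled };
}
```

The point of the pattern is that every response passing through the middleware gets the same protective headers regardless of which route produced it, which is why it can be bolted on in minutes; it does not fix injection or validation bugs in the routes themselves.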
