Author: Liran Tal
Publisher: Leanpub
Published: 2023-01-17
Language: English
Format: pdf (true), mobi, epub
Size: 11.98 MB
This book is a follow-up on Liran Tal's Essential Node.js Security for Express web applications and teaches you hands-on practical use of HTTP security headers as browser security controls to help secure web applications.
18 Lessons, 8 Quizzes, 30 Code Snippets, and 19 Illustrations to help you learn.
If you have a development environment set up with Node.js, Git, npm, and a working Internet connection, you're all set to get started. Some exercises require a valid HTTPS-enabled website; for those, the book uses Heroku as the hosting platform because it is easy to use and serves the same application over both HTTP and HTTPS, which is what you need to observe headers such as Strict-Transport-Security actually taking effect.
A JavaScript and Node.js development environment
This book uses the Express web application framework for Node.js to create web applications and set headers using open source modules from the npm ecosystem. It is expected that you have a working development environment with a supported Node.js version (LTS), along with the npm command-line utility. You’ll also need Git to clone example repositories used along with the exercises if you wish to practice locally.
While you are free to deploy the Node.js web application provided in the code references to any web host you like, such as Vercel or Netlify, the exercises explain how to deploy with a free Heroku account. Note that Heroku retired its free dynos in late November 2022, shortly before this edition was published, so following the Heroku steps today requires a paid plan or an equivalent host that serves your app over HTTPS.
Developing web applications means our application relies on communication protocols that already define, in standards implemented by every mainstream browser, how data is transferred and how it is protected in transit. Browsers read response headers sent over HTTP (in practice over HTTPS, since several of these headers are only honoured or only meaningful on a secure connection) to enforce the security policies a server declares. Using these headers to constrain what code running in the browser may do is a quick, low-cost way to reduce the impact of client-side vulnerabilities and add defense in depth. They complement, rather than replace, fixing the underlying bug: a Content Security Policy can blunt an XSS payload, but the injection flaw itself still needs to be fixed.
In this book, we will introduce browser security controls by implementing HTTP headers for increased security. We'll learn about Helmet, a library that can be added to any Express project, and configure it to provide additional security for Node.js web applications. Helmet is an open source project made up of a collection of HTTP middleware functions, each of which sets one or more headers on the HTTP response object before the request reaches your route handlers. If you're building Node.js web applications with Express, Helmet is the go-to npm package, and all source code examples in the book follow its usage. If you're using another framework, such as Fastify, consult the source-code example in the following sub-sections.
Takeaway Skills:
Secure web applications using HTTP security headers
Understand Content Security Policy
Set up Node.js web applications securely
Learn how to test and monitor for security headers and vulnerable JavaScript libraries
Roadmap for future web controls
For each HTTP security header that can enhance your web application's security, you'll learn what the overall risk of not implementing it is and what the proposed header mitigates. Finally, you'll learn how to implement and configure the security header with Helmet, a popular and well-maintained Node.js package on npm.
Download Web Security: Learning HTTP Security Headers