Docs

/

Node Express

Chapter 17

17 — Security Best Practices

Core Concepts

Helmet — sets security HTTP headers (CSP, HSTS, X-Frame-Options)
Rate limiting — prevent brute force and DDoS
CORS — control cross-origin access
Input validation — never trust user input
SQL injection — always use parameterized queries
XSS prevention — sanitize output, set CSP headers
CSRF — protect state-changing requests
Dependency auditing — npm audit for known vulnerabilities

16 — Testing 18 — Performance & Caching