Node Security

Dominic Barnes

  • 出版商: Packt Publishing
  • 出版日期: 2013-09-10
  • 售價: $1,340
  • 貴賓價: 9.5$1,273
  • 語言: 英文
  • 頁數: 94
  • 裝訂: Paperback
  • ISBN: 1783281499
  • ISBN-13: 9781783281497
  • 相關分類: Node.js資訊安全
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

For an in-depth understanding of how you can secure your Node.js applications, this is the ideal book. By learning to write code defensively and adopting security techniques you will be able to withstand common web attacks.

Overview

  • Examine security features and vulnerabilities within JavaScript
  • Explore the Node platform, including the event-loop and core modules
  • Solve common security problems with available npm modules

In Detail

Node.js is a fast-growing platform for building server applications using JavaScript. Now that it is being more widely used in production settings, Node applications will start to be specifically targeted for security vulnerabilities. Protecting your users will require an understanding of attack vectors unique to Node, as well as shared with other web applications.

To secure Node.js applications, we’ll start by helping you delve into the building blocks that make up typical Node applications. By understanding all the layers that you are building on top of, you can write code defensively and securely. In doing so, you will be able to protect your user's data and your infrastructure, while still using the rock-star technology behind Node.js.

Teaching you how to secure your Node applications by learning about each of the layers you will be building on top of; starting with JavaScript itself, then the Node platform, and finally the npm module ecosystem. By starting with JavaScript, you will learn what to avoid and what to embrace. Next, we will explain the Node platform, including its unique architecture and core modules, so you know how things work under the hood. Finally, we will introduce the rich ecosystem of npm modules, including modules to help you solve the common security problems you might face. Through our handy tutorials, you will be able to write secure Node.js applications, ones that will remain online under pressure and be able to weather the most common attacks that face web applications today.

What you will learn from this book

  • Master the origins of the Node.js and npm projects
  • Understand the architecture, including the event-loop and asynchronous I/O
  • Delve into the key aspects of avoiding some common pitfalls of JavaScript development
  • Incorporate ES5's security improvements, including strict-mode
  • Add static code analysis and the code-quality it promotes
  • Explore the basics of proper error-handling within Node applications
  • Understand the architecture of Express and Connect
  • Adapt common authentication and authorization schemes

Approach

A practical and fast-paced guide that will give you all the information you need to secure your Node applications.

Who this book is written for

If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

商品描述(中文翻譯)

這本書是為了深入了解如何保護您的Node.js應用程序而寫的,對於想要寫出防禦性代碼並採用安全技術以抵禦常見網絡攻擊的讀者來說,這是一本理想的書籍。

概述:
- 檢查JavaScript中的安全功能和漏洞
- 探索Node平台,包括事件循環和核心模塊
- 使用可用的npm模塊解決常見的安全問題

詳細內容:
Node.js是一個使用JavaScript構建服務器應用程序的快速增長平台。現在它在生產環境中被廣泛使用,Node應用程序將開始成為特定的安全漏洞目標。保護用戶需要了解Node獨有的攻擊向量,以及與其他Web應用程序共享的攻擊向量。

為了保護Node.js應用程序,我們將從幫助您深入了解構成典型Node應用程序的基本組件開始。通過理解您所構建的所有層次,您可以寫出防禦性和安全的代碼。這樣做,您將能夠保護用戶數據和基礎設施,同時仍然使用Node.js背後的頂尖技術。

我們將教您如何通過學習每個層次的方式來保護Node應用程序,從JavaScript本身開始,然後是Node平台,最後是npm模塊生態系統。通過從JavaScript開始,您將學習避免和採用的方法。接下來,我們將解釋Node平台,包括其獨特的架構和核心模塊,以便您了解其內部運作方式。最後,我們將介紹豐富的npm模塊生態系統,包括幫助您解決可能遇到的常見安全問題的模塊。通過我們方便的教程,您將能夠編寫安全的Node.js應用程序,這些應用程序將在壓力下保持在線並能夠應對當今Web應用程序面臨的最常見攻擊。

本書的學習重點:
- 掌握Node.js和npm項目的起源
- 了解架構,包括事件循環和異步I/O
- 深入研究避免JavaScript開發中一些常見陷阱的關鍵方面
- 結合ES5的安全改進,包括嚴格模式
- 添加靜態代碼分析和它所促進的代碼質量
- 探索在Node應用程序中正確處理錯誤的基礎知識
- 了解Express和Connect的架構
- 適應常見的身份驗證和授權方案

這是一本實用且節奏快的指南,將為您提供保護Node應用程序所需的所有信息。

本書的讀者:
如果您是一名開發人員,希望保護您的Node應用程序,無論您是否已經在生產中使用Node Security,或者正在考慮在下一個項目中使用它,本書將使您能夠確保應用程序的安全性。需要具備JavaScript的基礎知識,並建議具有一些Node的經驗,但不是必需的。