Security in Node JS - Forbes Lindesay - August 2019

Wednesday, 28 August 2019

While working on large Node.js projects, I’ve noticed that there is no clear answer to common questions like “how do I securely store passwords”. I’ve also noticed that all the popular frameworks lack key security features such as CSRF protection and Rate Limiting by default. It’s really easy to get security wrong, and it’s not your fault that this is so difficult.

In this talk, I’ll present some practical steps you can take to secure your applications, including protecting against some of the most common attack vectors. I’ll also attempt to inspire you to think differently about what the defaults should be when you build new applications and libraries. We can make our code default to security; it doesn’t have to be this way.

I'm a tech lead at Threads Styling and maintain several large open-source projects, such as Pug, @authentication and @databases. My Twitter handle is @ForbesLindesay.