Node.js Security Best Practices: JWT blacklisting, rate limiting, schema validation

16,921 views

Software Developer Diaries

1 day ago

Get Docuo to create a knowledge base now: bit.ly/45LYSF5
======⚡⚡⚡======
Knowing security best practices is essential for developing secure Node.js applications and APIs. In this video (series) we're going to cover rate limiting, JWTs, password encryption and other topics.
🙌 Become my Patreon and get exclusive perks: / softdevdiaries
💼 Follow me on LinkedIn and drop me a message if you'd like: / gusgadirov
💻 Also, let's connect on GitHub: github.com/gusgad
📚 Resources:
Express rate limit library: www.npmjs.com/package/express...
nginx configuration for rate limiting: www.nginx.com/blog/rate-limit...
Rate limiting on AWS: docs.aws.amazon.com/waf/lates...
bcrypt library: www.npmjs.com/package/bcrypt
Revoking a JWT access: supertokens.com/blog/revoking...
JSON schema validation library: www.npmjs.com/package/jsonsch...
escape-html library: www.npmjs.com/package/escape-...
Sequelize ORM: sequelize.org/
mongoose ODM: www.npmjs.com/package/mongoose
eslint-plugin-security: github.com/eslint-community/e...
🕒 Timestamps:
0:00 Intro
0:30 Rate limiting
2:42 Password encryption
4:05 Docuo
6:13 JWT blacklisting
8:40 Schema validation
9:24 HTML & CSS escaping
10:01 ORMs/ODMs
11:17 Linter plugins for security
And don't forget to subscribe for more videos like this 😊

Comments: 35
@SoftwareDeveloperDiaries 8 months ago
Check out Docuo 👉 bit.ly/3SaTsQV
@icaromendes1250 3 days ago
This is the kind of content everyone needs but no one is mentioning.
@vineetsingh904 8 months ago
I feel weird when I see so few subscribers. You deserve at least 1-2 million subscribers. Your channel is the best because no one tells these things, and you not only talk about them but also tell what to use in real-world projects. Even paid courses don't teach or even mention these things. You're great.
@SoftwareDeveloperDiaries 8 months ago
Thanks a lot my friend! :)
@mrunalvaidya388 7 months ago
Amazing content as always 🙌
@koningguidokip 5 months ago
I've learned so much from this!
@wishmeheaven 7 months ago
Thanks! I was actually looking for other topics such as NoSQL injection, sanitization, XSS protection, security headers, rate limiting (indeed included here), HPP and CORS. I'm a backend development student looking to dig further into security issues... Thank you very much for this series, and I can hardly wait to find out what other topics it will be maneuvering through...
@SoftwareDeveloperDiaries 7 months ago
Thanks for the feedback my friend! New episodes coming soon 😎
@OCEMTechZone 1 day ago
Great one
@babayaga6172 8 months ago
Literally you are doing an amazing job 👏🏼
@SoftwareDeveloperDiaries 8 months ago
Thank you!!
@NPCtoHero 4 months ago
🎉 Great video!
@codermeloman3030 8 months ago
Super content!!!
@jeremyccc 8 months ago
Thanks for this!
@SoftwareDeveloperDiaries 8 months ago
My pleasure!
@babayaga6172 8 months ago
Can you please make a video about multithreading/clustering, quoting an example of large project scaling?
@ismaildeveloper 8 months ago
great
@tarekalkhatib5619 6 months ago
Great content, do you plan on releasing part 3 any time soon?
@SoftwareDeveloperDiaries 6 months ago
Yess, it's coming out soon! 😉
@elmasx 8 months ago
Hello, Guseyn. You're so sweet. I just discovered your channel and I admire it; I learned a lot. I wonder if there will be a classic Node.js, Deno and Bun comparison? I would like to know your opinion, regards.
@SoftwareDeveloperDiaries 8 months ago
Really happy to hear that! 🙂 I will keep those in mind 😉
@elmasx 8 months ago
@SoftwareDeveloperDiaries Thank you so much!
@taras0varty0m 8 months ago
Instead of bcrypt, it is better to use scrypt, which is built into Node.js.
@aliarslanansari 8 months ago
Reason?
@taras0varty0m 8 months ago
@aliarslanansari With scrypt, in addition to increasing computation, you can increase the amount of memory needed to compute the hash. This doesn't bother software implementations much but is much harder to implement in hardware, which is what a dedicated attacker is likely to develop and use. bcrypt (and PBKDF2) use constant, and small, amounts of memory.
@taras0varty0m 8 months ago
@aliarslanansari Answer from Stack Overflow.
@taras0varty0m 8 months ago
@aliarslanansari And an additional library means a greater weight of the bundle or the final container after the application is built.
@SoftwareDeveloperDiaries 8 months ago
Thanks for the hint, you're totally right, it's a better option for most use cases.
@thomasr22272 7 months ago
Just one thing: hashing is not technically encryption.
@danielson9490 8 months ago
NodeJS Security Best Practices:
1. Rate Limiting
2. Password Encryption
3. JWT Blacklisting
4. JSON Schema Validation
5. Escaping HTML & CSS
6. ORM/ODM against Injections
7. Security Linter
@liammullan2197 6 days ago
A piece of advice on the sound... there is a noise gate over your voice and it is way too aggressive and keeps cutting off bits of your words.
@SoftwareDeveloperDiaries 2 days ago
I've fixed it recently for my newer videos 🫶
@ratedr278 4 months ago
Bro, get rid of that background music, it's unprofessional. (Distracting and out of place)
@SoftwareDeveloperDiaries 4 months ago
Will keep in mind, thanks for the feedback ✌