Scott Smith


Secure Node Apps Against OWASP Top 10 - Cross Site Request Forgery

In this multipart series, we will explore some of the OWASP top web application security flaws, including how they work and best practices to protect your application from them. The focus will be on Express web applications in Node, but the principles shown can be applied to any framework or environment. This part will cover cross site request forgery.

Secure Node Apps Against OWASP Top 10 - Cross Site Scripting

In this multipart series, we will explore some of the OWASP top web application security flaws, including how they work and best practices to protect your application from them. The focus will be on Express web applications in Node, but the principles shown can be applied to any framework or environment. This part will cover cross site scripting.

Secure Node Apps Against OWASP Top 10 - Authentication & Sessions

In this multipart series, we will explore some of the OWASP top web application security flaws, including how they work and best practices to protect your application from them. The focus will be on Express web applications in Node, but the principles shown can be applied to any framework or environment. This part will cover broken authentication and session management.

Secure Node Apps Against OWASP Top 10 - Injection

In this multipart series, we will explore some of the OWASP top web application security flaws, including how they work and best practices to protect your application from them. The focus will be on Express web applications in Node, but the principles shown can be applied to any framework or environment. This part will cover injection.

Twitatron: Building a Production Web App With Node - User Accounts

In this installment of the Twitatron series, we will be diving into how to implement user accounts. By the end of this article you will have learned how to connect to MongoDB, use Mongoose for object modeling, implement Passport for user authentication, allow users to log in with their Twitter account, and have full support for user accounts.

5 Fantastic & Free Screencast Sites for Node Developers

While learning and working in Node, I have found screencasts to be a very helpful way to learn. Over time I have come across many sites offering videos. Here is a list of my current top 5 every Node developer should know about.

Twitatron: Building a Production Web App With Node

In this multipart series you will learn how to create a production-ready Node web application with authorization, user accounts, data storage, background workers, security, email, APIs, RSS, and third-party service integrations.

Protect Your Node App’s Noggin With Helmet

Learn how to protect your Express Node application from cross-site scripting, script injection, clickjacking, insecure requests, and more by using a set of Express middleware provided by Helmet.

Beer Locker: Building a RESTful API With Node - Digest

Many readers have asked questions about how to use different authentication strategies, so I am going to continue this series and delve into many of those strategies. This article will explore the use of Digest authentication instead of Basic.

Beer Locker: Building a RESTful API With Node - OAuth2 Server

In this beer locker installment we will dive into creating an OAuth2 server and allowing access to API endpoints for the authorized user or authorized applications. We will do this by integrating OAuth2orize into our application.