Web Security in Node.js Applications
With billions of people using the Internet, the potential for nefarious or outright criminal users hitting your site is very high. With attacks ranging from MITM, CSRF, Script Injection and Clickjacking, to name a few, it is imperative that we as developers understand these exploits, how they work, how they can be stopped, and how to implement the code or setup to do so. As developers, we tend to focus on the core of what our application does. Unfortunately, security tends to be overlooked or, at best, treated as an afterthought.
In this talk we will cover best practices for securing your web applications. The focus will be on Express web applications in Node, but the principles shown can be applied to any framework or environment.
Some, but not all, of the topics we will cover are: securing your web traffic, proper cookie handling, preventing CSRF, stopping Script Injection, sanitizing data input and output, handling sensitive data, implementing CSP, HSTS, X-Frame-Options, preventing vulnerabilities in node modules, and more.
At the end, you will leave with a diverse understanding of how best to secure your application from most of the attacks that can occur.
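As an added illustration of the headers and cookie attributes named in this abstract (CSP, HSTS, X-Frame-Options, secure cookie handling), here is a small Express-style middleware; it is example code written for this page, not material from the talk, and it uses only the (req, res, next) signature with a constructed response object so it runs without Express installed.

```javascript
// Build the Content-Security-Policy value from a directive map, so the policy
// is explicit and reviewable rather than a hand-typed string.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

// Assumed baseline policy: no inline scripts, no plugins, no framing.
const DEFAULT_CSP = {
  'default-src': ["'self'"],
  'script-src': ["'self'"],        // omitting 'unsafe-inline' blocks injected inline scripts
  'object-src': ["'none'"],        // no plugin content
  'frame-ancestors': ["'none'"],   // modern replacement for X-Frame-Options
  'base-uri': ["'self'"],
};

// Express-compatible middleware factory: app.use(securityHeaders()) in a real app.
function securityHeaders(options = {}) {
  const csp = buildCsp(options.csp || DEFAULT_CSP);
  const maxAge = options.hstsMaxAge || 31536000; // one year, in seconds
  return function (req, res, next) {
    res.setHeader('Content-Security-Policy', csp);
    // HSTS is only honoured when served over HTTPS; includeSubDomains covers subdomains too.
    res.setHeader('Strict-Transport-Security', `max-age=${maxAge}; includeSubDomains`);
    res.setHeader('X-Frame-Options', 'DENY');            // clickjacking defence for older browsers
    res.setHeader('X-Content-Type-Options', 'nosniff');  // stop MIME sniffing of responses
    next();
  };
}

// Serialise a session cookie with the attributes "proper cookie handling" implies:
// HttpOnly (no script access), Secure (HTTPS only) and SameSite (CSRF mitigation).
function sessionCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'HttpOnly', 'Secure',
    `SameSite=${opts.sameSite || 'Lax'}`];
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);
  return parts.join('; ');
}

// Constructed stand-in for an Express response object, enough to exercise the middleware.
function fakeResponse() {
  const headers = {};
  return { headers, setHeader: (k, v) => { headers[k] = v; } };
}
```

In a real Express app the cookie string would be passed through res.setHeader('Set-Cookie', ...) and the middleware registered before any routes.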
With an ever growing collection of beer, I am in dire need of a way to store and track it. What better way to do this than to create an application?
This will be a hands on live coding session where we will create a RESTful API using Node, Express, Mongoose, and MongoDB.
When we are done, we should have an API that supports CRUD operations, user accounts, and authentication via Passport, a solid understanding of best practices and tooling, and, most important of all, a place to store our beer!
The Birth of Bit: Making Ideas Happen
Let’s face it, we all have ideas. In the space we work in, it is nearly impossible not to. The key is having the ability to take the leap and transform an idea into a reality.
In this talk, I share my experience taking coderbits from an idea to a successful product used by thousands of developers. The focus will be on presenting those experiences in a way that provides practical tips to empower you to take your ideas and make them real.
SignalR is an async library for .NET to help build real-time, multi-user interactive web applications. Pushing data from the server to the client (not just browser clients) has always been a tough problem. SignalR makes it dead easy and handles all the heavy lifting for you.
JSON Web API Consumption
The web is packed full of web APIs just waiting to be consumed. Sites such as Meetup, GitHub, Twitter, LinkedIn, and Facebook, to name a few, all have developer APIs that can be used programmatically to consume the data contained within their site. Because they implement their APIs in similar fashions using REST, JSON, and OAuth, the ease with which these APIs can be consumed is amazing.
In this talk, I discuss and demonstrate how to consume GitHub’s RESTful web API using web resources, NuGet packages, the .NET framework, and a few lines of C# code.