Writing Secure Code in Node.js

In this learning path, you will learn how to attack and protect Node.js applications.

9 courses  //   30 videos  //   7 hours of training

Free training week — 1,200+ on-demand courses and hands-on labs

Learn how to write secure code in Node.js

Node.js is the most popular server-side asynchronous runtime. Applications built with this technology heavily depend on the npm ecosystem. Through this learning path, you will learn to attack and protect Node.js applications, covering many different attack types from the perspective of the Node.js side. You will also learn about Node.js-specific attacks such as prototype pollution and their real impact on your applications.

Learning path components

Writing Secure Code in Node.js Skill Assessment
Assessment
Writing Secure Code in Node.js Skill Assessment

Writing Secure Code in Node.js Skill Assessment

See how your Node.js skills stack up against other professionals in your field.

Number of questions: 20

Writing Secure Code in Node.js Project
Practice Exam
Writing Secure Code in Node.js Project

Writing Secure Code in Node.js Project

There are seven challenges spread across three Node.js projects. Part 1 focuses on MongoDB injections and how to prevent them. Part 2 exploits event loop blocking. Part 3 is the one you need if you want to attack and fix a GraphQL API.

Number of questions: 7

Refresher on Node.js
Course
Refresher on Node.js

Refresher on Node.js

This course will cover the basics of Node.js architecture.

2 videos
30 minutes of training

Protecting Databases
Course
Protecting Databases

Protecting Databases

This course will focus on protecting database access.

3 videos
46 minutes of training

Node.js Denial of Service
Course
Node.js Denial of Service

Node.js Denial of Service

This course will focus on different ways of obtaining denial-of-service in Node.js and how to prevent them.

5 videos
77 minutes of training

Authentication and Authorization
Course
Authentication and Authorization

Authentication and Authorization

A look at authentication and authorization in Node.js.

3 videos
47 minutes of training

Prototype Pollution
Course
Prototype Pollution

Prototype Pollution

Exploring prototype pollution in Node.js.

2 videos
33 minutes of training

Unsafe Strings
Course
Unsafe Strings

Unsafe Strings

Confronting the challenge of unsafe strings in Node.js.

4 videos
62 minutes of training

Error Handling and Asynchronous Debugging Monitoring
Course
Error Handling and Asynchronous Debugging Monitoring

Error Handling and Asynchronous Debugging Monitoring

A look at the challenges of error handling in an asynchronous environment.

3 videos
46 minutes of training

Ecosystem Modules (npm) and Supply Chain
Course
Ecosystem Modules (npm) and Supply Chain

Ecosystem Modules (npm) and Supply Chain

An introduction to the challenges of npm modules.

4 videos
55 minutes of training

GraphQL Security
Course
GraphQL Security

GraphQL Security

This course explores mitigating the risks of GraphQL.

4 videos
44 minutes of training

 

What you’ll learn.

  • Understand web application security principles and their implication in actual Node.js codebases
  • Understand the specificities of Node.js and what security issues they can lead to
  • Help engineers think about security when building applications
  • Know how to spot issues coming from the vastest open-source ecosystem in the world
  • Open up and use application security concepts to the most modern tools such as GraphQL

Who is this for?

  • Senior Node.js engineers needing refreshers and level-ups on security
  • Experienced Node.js engineers looking up to grow their skills and write safer code
  • Any Node.js user who works on a codebase where security is a key factor and who misses security skills in their organization
  • Node.js users who wish to transition toward application security and want to learn about it in a Node.js environment
  • Application security specialists who have to secure a Node.js codebase and are looking to map their skills onto Node.js

Meet the author

Vladimir de Turckheim

Vladimir works as a software engineer at Sqreen where he builds a tool to secure web applications. Previously, he was a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group where he handles the security of Node.js and its ecosystem

Vladimir is an official Node.js collaborator and his contributions mostly focus in the domain of security and monitoring. He also often gives talks and training to software engineers to teach them about application security.

Plans & pricing

Personal
Teams

Infosec Skills subscription

Monthly
Annually
  • 140+ role-based learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support
  • Create custom learning paths from 100s of courses

Live boot camp

Request a quote for pricing

 

Request Quote Browse Boot Camps
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Live, instructor-led training (in-person or live online)
  • 90 day extended access to recordings of daily lessons
  • Certification exam voucher
  • Learn by doing with hundreds of additional hands-on courses and labs

Infosec Skills Teams subscription

Annual

$599 per learner / year

Request Team Quote Free Team Trial
  • Team administration and reporting
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 140+ role-based learning paths (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Skill assessments
  • Create and assign custom learning paths
  • Dedicated client success manager

Live team boot camp

Request a quote for pricing

 

Request Team Quote Browse Boot Camps
  • Team boot camp administration and reporting
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Knowledge Transfer Guarantee
    If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
  • Certification exam vouchers
  • Live, instructor-led training (onsite, in-person or live online)
  • 90 days extended access to recordings of daily lessons
  • Build your team's skills with hundreds of additional hands-on courses and labs

Award-winning training that you can trust

Technical Skills Development, Online Course Providers & eLearning Content

Technical Skills Development, Online Course Providers & eLearning Content

Infosec Skills

eLearning Content

eLearning Content

Infosec Skills

Best Product - Cybersecurity Training for Infosec Professionals

Best Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Security Education & Platform

Security Education & Platform

Infosec Skills

Ranked #52 in Top 100 Global Software Sellers

Ranked #52 in Top 100 Global Software Sellers

Infosec

Exceptional learning experiences powered by LX Labs cyber expertise

Infosec Skills courses and labs are powered by LX Labs — our elite team of cyber SMEs, learning specialists and community of top-ranked security instructors, published authors and sought-after industry leaders. We rigorously vet all Infosec Skills training resources to guarantee they meet certification and compliance requirements and align with recognized guidelines like the NICE Workforce Framework for Cybersecurity.

LX Labs

SC Media names Infosec Skills Best IT Security Training

See for yourself why Infosec Skills leads the cybersecurity training industry.