Writing Secure Code in Node.js

In this learning path, you will learn how to attack and protect Node.js applications.

9 courses  //   30 videos  //   7 hours of training

Free training week — 1,400+ on-demand courses and hands-on labs

Learn how to write secure code in Node.js

Node.js is the most popular server-side asynchronous runtime. Applications built with this technology heavily depend on the npm ecosystem. Through this learning path, you will learn to attack and protect Node.js applications, covering many different attack types from the perspective of the Node.js side. You will also learn about Node.js-specific attacks such as prototype pollution and their real impact on your applications.

Learning path components

Writing Secure Code in Node.js Skill Assessment
Assessment
Writing Secure Code in Node.js Skill Assessment

Writing Secure Code in Node.js Skill Assessment

See how your Node.js skills stack up against other professionals in your field.

Number of questions: 20

Writing Secure Code in Node.js Project
Practice Exam
Writing Secure Code in Node.js Project

Writing Secure Code in Node.js Project

There are seven challenges spread across three Node.js projects. Part 1 focuses on MongoDB injections and how to prevent them. Part 2 exploits event loop blocking. Part 3 is the one you need if you want to attack and fix a GraphQL API.

Number of questions: 7

Refresher on Node.js
Course
Refresher on Node.js

Refresher on Node.js

This course will cover the basics of Node.js architecture.

2 videos
30 minutes of training

Protecting Databases
Course
Protecting Databases

Protecting Databases

This course will focus on protecting database access.

3 videos
46 minutes of training

Node.js Denial of Service
Course
Node.js Denial of Service

Node.js Denial of Service

This course will focus on different ways of obtaining denial-of-service in Node.js and how to prevent them.

5 videos
77 minutes of training

Authentication and Authorization
Course
Authentication and Authorization

Authentication and Authorization

A look at authentication and authorization in Node.js.

3 videos
47 minutes of training

Prototype Pollution
Course
Prototype Pollution

Prototype Pollution

Exploring prototype pollution in Node.js.

2 videos
33 minutes of training

Unsafe Strings
Course
Unsafe Strings

Unsafe Strings

Confronting the challenge of unsafe strings in Node.js.

4 videos
62 minutes of training

Error Handling and Asynchronous Debugging Monitoring
Course
Error Handling and Asynchronous Debugging Monitoring

Error Handling and Asynchronous Debugging Monitoring

A look at the challenges of error handling in an asynchronous environment.

3 videos
46 minutes of training

Ecosystem Modules (npm) and Supply Chain
Course
Ecosystem Modules (npm) and Supply Chain

Ecosystem Modules (npm) and Supply Chain

An introduction to the challenges of npm modules.

4 videos
55 minutes of training

GraphQL Security
Course
GraphQL Security

GraphQL Security

This course explores mitigating the risks of GraphQL.

4 videos
44 minutes of training

 

What you’ll learn.

  • Understand web application security principles and their implication in actual Node.js codebases
  • Understand the specificities of Node.js and what security issues they can lead to
  • Help engineers think about security when building applications
  • Know how to spot issues coming from the vastest open-source ecosystem in the world
  • Open up and use application security concepts to the most modern tools such as GraphQL

Who is this for?

  • Senior Node.js engineers needing refreshers and level-ups on security
  • Experienced Node.js engineers looking up to grow their skills and write safer code
  • Any Node.js user who works on a codebase where security is a key factor and who misses security skills in their organization
  • Node.js users who wish to transition toward application security and want to learn about it in a Node.js environment
  • Application security specialists who have to secure a Node.js codebase and are looking to map their skills onto Node.js

Meet the author

Vladimir de Turckheim

Vladimir works as a software engineer at Sqreen where he builds a tool to secure web applications. Previously, he was a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group where he handles the security of Node.js and its ecosystem

Vladimir is an official Node.js collaborator and his contributions mostly focus in the domain of security and monitoring. He also often gives talks and training to software engineers to teach them about application security.

Plans & pricing

Infosec Skills Personal

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

Book a Meeting
  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Award-winning training that you can trust

IDC MarketScape Leader: U.S. IT Training

IDC MarketScape Leader: U.S. IT Training

Infosec Skills

eLearning Content

eLearning Content

Infosec Skills

Best Product - Cybersecurity Training for Infosec Professionals

Best Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Security Education & Platform

Security Education & Platform

Infosec Skills

Ranked #52 in Top 100 Global Software Sellers

Ranked #52 in Top 100 Global Software Sellers

Infosec

SC Media names Infosec Skills Best IT Security Training

See for yourself why Infosec Skills leads the cybersecurity training industry.