
Security: fraziermork/resources


security.md

https://www.hacksplaining.com/
https://en.wikipedia.org/wiki/OWASP
https://en.wikipedia.org/wiki/SQL_injection
https://en.wikipedia.org/wiki/Cross-site_scripting
https://en.wikipedia.org/wiki/Cross-site_request_forgery
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
http://www.veracode.com/security/sql-injection
obfuscation
https://en.wikipedia.org/wiki/Database_security

https://scotch.io/tutorials/authenticate-a-node-js-api-with-json-web-tokens
https://scotch.io/tutorials/the-ins-and-outs-of-token-based-authentication
https://en.wikipedia.org/wiki/Cross-site_request_forgery
https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
https://www.httpwatch.com/httpgallery/authentication/
https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process

angular and cookie-to-token authentication

how to test:
http://stackoverflow.com/questions/11919737/how-can-you-use-cookies-with-superagent
https://github.com/visionmedia/superagent/blob/master/test/node/agency.js

guides:
https://stormpath.com/blog/angular-xsrf
https://stormpath.com/blog/token-auth-spa
https://stormpath.com/blog/build-secure-user-interfaces-using-jwts

vital info:
http://expressjs.com/en/advanced/best-practice-security.html
https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

good starting pt:
http://www.bennadel.com/blog/2568-preventing-cross-site-request-forgery-csrf-xsrf-with-angularjs-and-coldfusion.htm

advice:
http://expressjs.com/en/advanced/best-practice-security.html

check security:
https://nodesecurity.io/advisories
https://nodesecurity.io/ -- package says whether any of your stuff is vulnerable

express https

https://github.com/visionmedia/superagent/blob/master/test/node/https.js
https://en.wikipedia.org/wiki/Transport_Layer_Security

There aren’t any published security advisories