Node.js Security
Authentication and Authorization
Password Security
Password Storage
Hashing vs Encryption
Salt Generation
Pepper Implementation
Hashing Algorithms
bcrypt Configuration
Argon2 Implementation
PBKDF2 Usage
Scrypt Considerations
Password Policies
Complexity Requirements
Length Recommendations
Common Password Prevention
Session Management
Session Storage
In-Memory Sessions
Database Sessions
Redis Session Store
Distributed Sessions
Cookie Security
HttpOnly Attribute
Secure Attribute
SameSite Configuration
Domain and Path Settings
Session Lifecycle
Session Creation
Session Validation
Session Expiration
Session Invalidation
Token-Based Authentication
JSON Web Tokens
JWT Structure
Header Configuration
Payload Design
Signature Verification
Signing Algorithms
HMAC-based Algorithms
RSA-based Algorithms
ECDSA Algorithms
Token Management
Token Storage
Token Refresh
Token Revocation
Token Validation
Multi-Factor Authentication
TOTP Implementation
Secret Generation
QR Code Generation
Time Window Configuration
SMS Authentication
SMS Gateway Integration
Rate Limiting
Backup Codes
Hardware Tokens
FIDO2/WebAuthn
U2F Implementation
Access Control
Role-Based Access Control
Role Definition
Permission Assignment
Hierarchical Roles
Attribute-Based Access Control
Policy Definition
Context Evaluation
Dynamic Permissions
Middleware Implementation
Route Protection
Resource-Level Authorization
Method-Level Security
OAuth and OpenID Connect
OAuth 2.0 Flows
Authorization Code Flow
Implicit Flow
Client Credentials Flow
Resource Owner Password Flow
OpenID Connect
Identity Token Validation
UserInfo Endpoint
Discovery Document
Security Considerations
PKCE Implementation
State Parameter Usage
Nonce Validation