What are Unsafe Redirects? Unsafe or unvalidated redirects are important security considerations for any web developer. Express provides native support for redirects, making them easy to implement and use. However, Express leaves the work of performing input validation to the developer. Here's the…

Escaping is an important security control for preventing cross-site scripting (XSS) in web applications. Escaping is the process of converting certain characters, like <, >, quotation markets, etc. into safe characters. By escaping, you reduce the likelihood of the browser rendering certain…

In our previous post, we discussed the importance of securing your HTTP headers and how Helmet.js can make this easy for apps that use Express. Helmet.js’s Github page has a wealth of documentation on how to tweak different security header configurations. For this post, we’ll focus on tuning the…

Helmet.js is a useful Node.js module that helps you secure HTTP headers returned by your Express apps. HTTP headers are an important part of the HTTP protocol, but are generally transparent from the end-user perspective. The headers provide important metadata about the HTTP request or response so…

While Node.js can help improve developer productivity, it’s prone to SQL injection bugs as much as any other modern programming language in use today. In this article, we walk through a SQL injection issue, it’s impact, and how to fix it. A classic example using MySQL Imagine a web app that…