Resources for the security best practices section about nodebestpractices HOT 15 CLOSED

Definitely a great list, you're doing wonderful stuff @BrunoScheufler

Agree with @i0natan about being focused rather than providing too much information where readers tend to "get lost". There are probably enough awesome lists out there for security as well that will cover these (and if not we can create one :-))

from nodebestpractices.

@i0natan of course! So below are some of the most popular resources:

• OWASP Web Application Security Cheat Sheet
• RisingStack Node.js Security Checklist
• Express Security Best Practices
• Liran's awesome book

from nodebestpractices.

another comprehensive work from @BrunoScheufler

@lirantal let's focus here in the next 1-2-3 days, pick best 5-10 resources so we can have bibliography and inspiration for our content writing

from nodebestpractices.

@i0natan I'll update this list when I find additional resources of course but these resources seemed to be most popular 👍

from nodebestpractices.

@BrunoScheufler I meant quite the opposite. For efficiency purposes, I would pick 5-7 best sources (3 great blog posts, 1 book, 2 principles site like OWASP). Our goal IMO is to reduce, not to add

from nodebestpractices.

@i0natan this is not what I meant either. However I want to have a good collection of resources we can select from

from nodebestpractices.

@BrunoScheufler I plan going over these resources soon and suggesting which should be on our final list

from nodebestpractices.

@i0natan okay, if you have any suggestions or questions about the list, feel free to share them here!

from nodebestpractices.

@BrunoScheufler sorry for the delay, have some milestone soon that doesn't leave much spare time... :(

Pasting some resource I like, I think we should focus on OWASP, Liran's book, and few best practices list:
Great resource about user management mistakes - https://hackernoon.com/your-node-js-authentication-tutorial-is-wrong-f1a3bf831a46
Casual lists:
https://expressjs.com/en/advanced/best-practice-security.html
https://nodewebapps.com/2017/01/03/13-security-best-practices-for-your-web-application/
https://medium.com/@rajapradhan08/best-practices-for-securing-node-js-web-applications-3b69909b2a2a
https://jsblog.insiderattack.net/developing-secure-node-js-applications-a-broad-guide-286afdec69ce

from nodebestpractices.

@i0natan

I think we should focus on OWASP, Liran's book, and few best practices list

I think that sounds good, said resources should include the most important points for us to use in a detailed form!

from nodebestpractices.

@BrunoScheufler can u plz identify whether those list has any (non-generic, rather node-related) item that we don't

from nodebestpractices.

I filtered the rather generic ones or parts of those, we might keep the rest and look through it for our content. This one seems to contain some generic points matching the content we collected for our general security guidelines checklist. And this post contains multiple points we already selected, which might help us although when writing the content.

from nodebestpractices.

@BrunoScheufler can you include here a final list with OWASP + Liran's book + 3-5 node.js best practice articles

from nodebestpractices.

@i0natan I'd say the most important OWASP resource might be the Web Application Security cheat sheet in addition to the RisingStack security checklist. Other resources might be the official express security best practices section.

from nodebestpractices.

@BrunoScheufler maybe you can put here a list of the top 5-6 source you found (Liran's book, 4 best practices, OWASP) so anyone who writes bullets like @lirantal @js-kyle can copy quotes easily?

from nodebestpractices.