Comments (15)
Definitely a great list, you're doing wonderful stuff @BrunoScheufler
Agree with @i0natan about being focused rather than providing too much information where readers tend to "get lost". There are probably enough awesome lists out there for security as well that will cover these (and if not we can create one :-))
from nodebestpractices.
@i0natan of course! So below are some of the most popular resources:
- OWASP Web Application Security Cheat Sheet
- RisingStack Node.js Security Checklist
- Express Security Best Practices
- Liran's awesome book
from nodebestpractices.
another comprehensive work from @BrunoScheufler
@lirantal let's focus here in the next 1-2-3 days, pick best 5-10 resources so we can have bibliography and inspiration for our content writing
from nodebestpractices.
@i0natan I'll update this list when I find additional resources of course but these resources seemed to be most popular 👍
from nodebestpractices.
@BrunoScheufler I meant quite the opposite. For efficiency purposes, I would pick 5-7 best sources (3 great blog posts, 1 book, 2 principles site like OWASP). Our goal IMO is to reduce, not to add
from nodebestpractices.
@i0natan this is not what I meant either. However I want to have a good collection of resources we can select from
from nodebestpractices.
@BrunoScheufler I plan going over these resources soon and suggesting which should be on our final list
from nodebestpractices.
@i0natan okay, if you have any suggestions or questions about the list, feel free to share them here!
from nodebestpractices.
@BrunoScheufler sorry for the delay, have some milestone soon that doesn't leave much spare time... :(
Pasting some resource I like, I think we should focus on OWASP, Liran's book, and few best practices list:
Great resource about user management mistakes - https://hackernoon.com/your-node-js-authentication-tutorial-is-wrong-f1a3bf831a46
Casual lists:
https://expressjs.com/en/advanced/best-practice-security.html
https://nodewebapps.com/2017/01/03/13-security-best-practices-for-your-web-application/
https://medium.com/@rajapradhan08/best-practices-for-securing-node-js-web-applications-3b69909b2a2a
https://jsblog.insiderattack.net/developing-secure-node-js-applications-a-broad-guide-286afdec69ce
from nodebestpractices.
I think we should focus on OWASP, Liran's book, and few best practices list
I think that sounds good, said resources should include the most important points for us to use in a detailed form!
from nodebestpractices.
@BrunoScheufler can u plz identify whether those list has any (non-generic, rather node-related) item that we don't
from nodebestpractices.
I filtered the rather generic ones or parts of those, we might keep the rest and look through it for our content. This one seems to contain some generic points matching the content we collected for our general security guidelines checklist. And this post contains multiple points we already selected, which might help us although when writing the content.
from nodebestpractices.
@BrunoScheufler can you include here a final list with OWASP + Liran's book + 3-5 node.js best practice articles
from nodebestpractices.
@i0natan I'd say the most important OWASP resource might be the Web Application Security cheat sheet in addition to the RisingStack security checklist. Other resources might be the official express security best practices section.
from nodebestpractices.
@BrunoScheufler maybe you can put here a list of the top 5-6 source you found (Liran's book, 4 best practices, OWASP) so anyone who writes bullets like @lirantal @js-kyle can copy quotes easily?
from nodebestpractices.
Related Issues (20)
- Easy to translate advice HOT 1
- Translations status HOT 1
- Bonnes pratiques nodejs
- Arabic Translation
- Node practice 1
- Should include Corepack in our recommendation? HOT 5
- Bootstraping nodejs container may be misleading
- Node
- Node js fullstack HOT 4
- Wrong example HOT 2
- Broken link to env-var
- Nextjs as main framework? HOT 2
- Another comment regarding "1.1 Structure your solutions by business components" HOT 1
- Italian Translation
- The backend-testing-checklist.png file is missing. HOT 3
- Hinglish Translation HOT 1
- Кнас
- Dead link for safe-regex
- Mi006
- Is using cache for npm install in docker safe?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nodebestpractices.