The security vulnerability of serving images via a route as opposed to static middleware in Node.js
The most upvoted Reddit answer to a question about serving images via a route in Express.js is a security vulnerability waiting to happen.
The Node.js Secure Coding Blog
Why is it considered a bad practice to write raw SQL commands?
Are we going to settle the debate between raw SQL queries and ORMs once and for all? Let's explore the pros and cons of each approach and find the right balance between control and convenience.
JS Security Concepts for JavaScript Developers
Enhance your development workflow with JavaScript security best practices. Learn about Content Security Policy (CSP) in Nuxt.js, avoiding `eval` and `new Function` with untrusted input, secure DOM manipulation, cookie security, and third-party integration.
Secure Coding Practices in Node.js Against Path Traversal Vulnerabilities
Path traversal vulnerabilities were discovered in webpack and backstage npm packages. Learn secure coding practices to prevent path traversal attacks in Node.js applications.
Secure JavaScript Coding Practices Against Command Injection Vulnerabilities
Secure JavaScript coding practices are essential to prevent command injection vulnerabilities in Node.js applications. Learn how to avoid common pitfalls and protect your code from exploitation.
To IDOR or Not to IDOR: Insecure Direct Object Reference in JavaScript Applications Explained
Can you spot an Insecure Direct Object Reference (IDOR) vulnerability in your JavaScript application? Learn what IDOR is, how it can be exploited, and how to prevent it in your code.