
Digital product security is the elephant in the room: everyone talks about it, but not everyone takes it seriously. At Fireart Studio, we want to show you how much app security matters, so we have compiled a short checklist of Node.js security best practices.

Why Node.js? Node.js is one of the leading JavaScript runtimes and is steadily capturing market share. At its core, Node.js is secure; however, once you install third-party packages, the way you configure, install and deploy may need some extra effort to make a web application more secure and protected from online attacks.

Configuration Management

Security HTTP Headers

There are some HTTP headers you need to set on your site. They include:

1) Strict-Transport-Security enforces secure (HTTPS, i.e. HTTP over SSL/TLS) connections to the server

2) X-XSS-Protection enables the cross-site scripting (XSS) filter built into most recent web browsers

3) X-Frame-Options provides clickjacking protection

4) Content-Security-Policy protects from a large number of attacks, including cross-site scripting and other cross-site injections

5) X-Content-Type-Options helps browsers avoid MIME-sniffing a response away from the declared content-type.

Many experienced web developers recommend Herokuapp; it is a great tool for checking whether your website has all the needed headers.
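The checklist above, as an added example that is not Fireart's code: an Express/Connect-style middleware that sets the five headers on every response, plus a small audit helper that reports which of them a given response is missing (the same check the online tools do, run locally). The header values are assumptions, a conservative baseline to tune per application, and the sample response header map is constructed.

```javascript
// Added example (not Fireart's code): an Express/Connect-style middleware that
// sets the five headers from the checklist, plus an audit helper that reports
// which of them a response is missing. No framework is needed to run it.

// Header values are assumptions: a conservative baseline to tune per app.
const SECURITY_HEADERS = {
  // 1) force HTTPS for a year, including subdomains
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  // 2) legacy browser XSS filter; current browsers have dropped it, so the
  //    CSP below is the real protection
  'X-XSS-Protection': '1; mode=block',
  // 3) clickjacking: refuse to be framed at all
  'X-Frame-Options': 'DENY',
  // 4) only same-origin resources, no plugins, no framing
  'Content-Security-Policy':
    "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
  // 5) never MIME-sniff away from the declared Content-Type
  'X-Content-Type-Options': 'nosniff',
};

// Middleware: app.use(securityHeaders) in Express, or call it directly from a
// plain http.createServer handler as securityHeaders(req, res, () => {}).
function securityHeaders(req, res, next) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    res.setHeader(name, value);
  }
  next();
}

// Audit: given a header map (res.getHeaders(), or the headers of a fetched
// response, which Node lower-cases), return the checklist headers not set.
function missingSecurityHeaders(headers) {
  const present = new Set(Object.keys(headers).map((h) => h.toLowerCase()));
  return Object.keys(SECURITY_HEADERS).filter(
    (name) => !present.has(name.toLowerCase()),
  );
}

// Constructed sample: roughly what a default Express response carries.
const SAMPLE_RESPONSE_HEADERS = {
  'x-powered-by': 'Express',
  'content-type': 'text/html; charset=utf-8',
  'x-frame-options': 'SAMEORIGIN',
};

// missingSecurityHeaders(SAMPLE_RESPONSE_HEADERS) returns four names:
// only X-Frame-Options is already set on the sample response.
```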

Sensitive Data on the Client Side

When developing a front-end app, always make sure you have not left sensitive data, such as secret API keys, readable to everyone in your source code. Unfortunately, there are no automation tools that can help you check this. That is why many app developers recommend very traditional methods, such as pull requests and regular code review.