Digital product security is the elephant in the room: everyone talks about it, but not everyone takes it seriously. At Fireart Studio, we want to show you why app security matters. That is why we have compiled a short checklist of Node.js security best practices.
There are some HTTP headers you need to set on your site. They include:
1) Strict-Transport-Security enforces secure (HTTP over SSL/TLS) connections to the server.
2) X-XSS-Protection enables the Cross-site scripting (XSS) filter built into most recent web browsers.
3) X-Frame-Options protects against clickjacking.
4) Content-Security-Policy protects from a large number of attacks, including Cross-site scripting and other cross-site injections.
5) X-Content-Type-Options helps browsers avoid MIME-sniffing a response away from the declared content-type.
When developing a front-end app, always make sure that you have not left sensitive data, such as API keys or other secrets, readable to everyone in your source code. Unfortunately, there are not any automation tools that can help you check this. That is why many app developers recommend very traditional methods, like using pull requests and reviewing code on a regular basis.