Express.js Security Tips

TL;DR

This text is part of my new book Pro Express.js: Master Express.js—The Node.js Framework For Your Web Development [Apress, 2014]. Security is important, that’s why I decided to publish this chapter on my blog. The book will be released very soon.

The set of tips in this chapter deals with security in Express.js applications. Security is often a neglected topic that is deferred until the last minute before the release. Obviously, this approach of treating security as an afterthought is prone to leaving holes for attackers. A better approach is to consider and implement security matters from the ground up.
Quick Announcement and a Favor

Apress and I are VERY close to finishing our long-awaited Pro Express.js. 20 chapters are already in production (see screenshot below). We have been working on this for more than two years, but we are finally going to wrap it up. We will be releasing it in the end of December or early January. This book will be entirely focused on mastering Express.js. It will include four major examples, 26 chapters, and one cheatsheet. It is going to be a complete brain dump of everything that we know about Express.js and web development. We are going to cover all the ways that we use to create web applications, and we are going to show you exactly how we implemented HackHall.com.

HOWEVER, we need your help. Before we finalize everything and send it off to the printer, we need to make sure we have covered everything. That is where you come in. Please take a few minutes to answer this super-short two-question survey; there is really only one thing we want to ask you: What are your two top questions about Express.js that we absolutely NEED to answer in our book? Leave your answers as comments here.

By the way, I’ll be releasing Express.js Security Tips in just a little bit on Webapplog.com. It’s one of the chapters of the upcoming Pro Express.js. The other already published excerpts from the book include LoopBack 101: Express.js on Steroids, Sails.js 101, and Secret Express.js Settings.

20 chapters of Pro Express.js are almost ready

The Node Frameworks Contributor

I want to express gratitude to Randson Oliveira for his contributions to the Node Frameworks project. In fact, he is the #1 contributor on the project right now. Thank you for your dedication!

If you don’t know what the Node Frameworks project is about—check it out. The mission of this resource is to provide recommendations and one place for discovering Node.js frameworks and tutorials/examples for them. The stats for each library are really interesting to compare.

LoopBack 101: Express.js on Steroids

LoopBack is a comprehensive Node.js web framework with a rich command-line scaffolding and a web API explorer: strongloop.com/node-js/loopback. The framework is maintained by StrongLoop which is also the gate-keeper of Express.js.

This concise tutorial will illustrate how to get started with LoopBack and the common traits between LoopBack and Express.js. This text is from my new book Pro Express.js by Apress which you can already start reading in Apress Alpha or pre-order on Amazon.com and other bookstores.

Guide to Hiring Your First Developer for Non-Techies

One of The Foundation members asked in the forum, “How do I find a good developer?” I was glad to help, but then I thought that others might benefit from this advice, so I answered it via a post.

The best thing is to work on something small first. This way you’ll test the waters before putting a major project at risk. This might include a test or a real but small task (preferably outside of the main project), like writing a bookmarklet or a scraper.

Webapplog Apprenticeship

In August, I posted an idea of a three-month apprenticeship in web development and Node.js:

I only wanted to test the waters, and was surprised that I got over 20 requests. Therefore, I went ahead with the interview process in order to select one aspiring Node.js programmer…

Job Security is Dead But There Is a Way

The Best Way to Never Worry About Job Security Again

There is no such thing as job security. You can trust my word on this, because I worked for one of the most stable employers in the world, the U.S. federal government, during 2007–2008, and saw a lot of bright software engineers, analysts, technical writers, quality assurance engineers, and project managers let go due to the market downturn and budget cuts. Startups and private corporations are even more brutal. They won’t even give you a two-week notice! I know of a company that fired its lead software engineer with just ONE hour of notice… The poor fellow didn’t expect it at all when he came to work in the morning, only to go back home for the rest of the day right away!

Node Program Online Beta is Ready: From 0 to Hero with Node, Mongo and Express

Node Program Online Beta is Ready

My team and I worked hard last week to create Node Program Online. We are still polishing content and putting on the final touches, but we’re opening the beta version of this online course to a small circle of trusted readers (only 100 “seats”) of this blog! Yes, the Node Program Online Beta is ready and you can enroll now!
