In weniger als einer Minute können Sie mit dem Lesen von Node Security auf Ihrem Kindle beginnen. Sie haben noch keinen Kindle? Hier kaufen oder mit einer unserer kostenlosen Kindle Lese-Apps sofort zu lesen anfangen.

An Ihren Kindle oder ein anderes Gerät senden

 
 
 

Kostenlos testen

Jetzt kostenlos reinlesen

An Ihren Kindle oder ein anderes Gerät senden

Der Artikel ist in folgender Variante leider nicht verfügbar
Keine Abbildung vorhanden für
Farbe:
Keine Abbildung vorhanden

 

Node Security [Kindle Edition]

Dominic Barnes
3.0 von 5 Sternen  Alle Rezensionen anzeigen (1 Kundenrezension)

Kindle-Preis: EUR 12,25 Inkl. MwSt. und kostenloser drahtloser Lieferung über Amazon Whispernet

Kostenlose Kindle-Leseanwendung Jeder kann Kindle Bücher lesen  selbst ohne ein Kindle-Gerät  mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.

Geben Sie Ihre E-Mail-Adresse oder Mobiltelefonnummer ein, um die kostenfreie App zu beziehen.

Weitere Ausgaben

Amazon-Preis Neu ab Gebraucht ab
Kindle Edition EUR 12,25  
Taschenbuch EUR 29,90  


Produktbeschreibungen

Kurzbeschreibung

In Detail

Node.js is a fast-growing platform for building server applications using JavaScript. Now that it is being more widely used in production settings, Node applications will start to be specifically targeted for security vulnerabilities. Protecting your users will require an understanding of attack vectors unique to Node, as well as shared with other web applications.

To secure Node.js applications, we’ll start by helping you delve into the building blocks that make up typical Node applications. By understanding all the layers that you are building on top of, you can write code defensively and securely. In doing so, you will be able to protect your user's data and your infrastructure, while still using the rock-star technology behind Node.js.

Teaching you how to secure your Node applications by learning about each of the layers you will be building on top of; starting with JavaScript itself, then the Node platform, and finally the npm module ecosystem. By starting with JavaScript, you will learn what to avoid and what to embrace. Next, we will explain the Node platform, including its unique architecture and core modules, so you know how things work under the hood. Finally, we will introduce the rich ecosystem of npm modules, including modules to help you solve the common security problems you might face. Through our handy tutorials, you will be able to write secure Node.js applications, ones that will remain online under pressure and be able to weather the most common attacks that face web applications today.

Approach

A practical and fast-paced guide that will give you all the information you need to secure your Node applications.

Who this book is for

If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

Über den Autor und weitere Mitwirkende

Dominic Barnes

Dominic Barnes is a web developer as a hobbyist and by profession. Since writing HTML with Microsoft Notepad back in high school, he has grown in skill through the many opportunities he has had. With experiences in ColdFusion, ASP.NET, PHP, and now Node.js, his passion is to create applications that people find useful. To him, the user experience is paramount and requires writing secure and high-performance code, no matter what platform is being used.


Produktinformation

  • Format: Kindle Edition
  • Dateigröße: 203 KB
  • Seitenzahl der Print-Ausgabe: 94 Seiten
  • Verlag: Packt Publishing (25. Oktober 2013)
  • Verkauf durch: Amazon Media EU S.à r.l.
  • Sprache: Englisch
  • ASIN: B00G8YAXPY
  • Text-to-Speech (Vorlesemodus): Aktiviert
  • X-Ray:
  • Word Wise: Nicht aktiviert
  • Durchschnittliche Kundenbewertung: 3.0 von 5 Sternen  Alle Rezensionen anzeigen (1 Kundenrezension)
  • Amazon Bestseller-Rang: #378.729 Bezahlt in Kindle-Shop (Siehe Top 100 Bezahlt in Kindle-Shop)

  •  Ist der Verkauf dieses Produkts für Sie nicht akzeptabel?

Kundenrezensionen

5 Sterne
0
4 Sterne
0
2 Sterne
0
1 Sterne
0
3.0 von 5 Sternen
3.0 von 5 Sternen
Die hilfreichsten Kundenrezensionen
3.0 von 5 Sternen Wenig Node.js-spezifisch 24. Februar 2014
Format:Kindle Edition|Verifizierter Kauf
Das Buch ist so … mittelmäßig. Es werden Angriffsszenarien auf verschiedenen Ebenen besprochen: Request, Response, API, Node.js selbst, und so weiter.Prinzipiell sind die angesprochenen Themen auch alle richtig und gut und wichtig, nur haben sie nur sehr peripher mit Node.js zu tun.

Von einem Buch, dass sich explizit "Node Security" nennt, erwarte ich dann doch ein bisschen mehr als eine Beschreibung von HTTP Basic, HTTP Digest, XSRF & Co. Klar, es wird jeweils gezeigt, wie man damit in Node.js umgeht, nur ist das alles nichts, worauf man nicht auch von alleine kommen würde und könnte, wenn man die entsprechenden Schlagworte kennt. Auch Passport.js wird erwähnt, wobei auch hierauf nur oberflächlich und kurz eingegangen wird.

Für jemanden, der sich noch nie mit Web-Sicherheit befasst hat, sicherlich ganz nett (dafür die drei Sterne), aber für jeden, der mit den zuvor genannten Begriffen etwas anfangen kann und weiß, wie man Module mit npm findet, überflüssig. Zumal dann die mangelnde Aktualität hinzukommt.

Insgesamt wirkt das Buch so, als hätte sich jemand überlegt, dass Node.js gerade in ist, und Sicherheit immer ein gutes Thema ist, also macht man mal schnell ein Buch zum Thema Sicherheit unter Node.js.
War diese Rezension für Sie hilfreich?
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)
Amazon.com: 4.0 von 5 Sternen  1 Rezension
3 von 3 Kunden fanden die folgende Rezension hilfreich
4.0 von 5 Sternen oriented to the somewhat still novice node.js programmer but still valuable 29. Januar 2014
Von Antonio Elena Batllo - Veröffentlicht auf Amazon.com
Format:Taschenbuch
As in previous occasions, Packt Pub sent me this ebook for review. Naturally, as the book's title says, this is not a general / beginner's book for Node.js, but, in spite of that, the book starts with an opening chapter explaining the history of node.js, how it is different and with the canonical createServer example one finds everywhere. Maybe this chapter, notwithstanding its brevity, was not really needed, since the audience for the book surely already know these things.

Then it follows with a "general considerations" chapter that is more general javascript than node actually, starting with ES5's strict mode and then including explanations of functions that everyone knows, such as the risks of using eval(), and also others some programmers might not be that aware of, such as seal(), freeze(), object property descriptors, and then moving on to static program analysis with JSLint / JSHint as another tool in your belt before really approaching node.js' security concerns proper. There are also general recommendations and what to look for in npm modules.

However more than security, we should be talking about the wider defensive coding / good practices spectrum, such as correctly handling exceptions, correctly using error callbacks, monitoring processes or node Domains (introduced in v. 0.8).
The next chapter moves into applications, briefly introducing express and connect and then a brief how-to on using the standard choice of passport.js, and also third party solutions, such as OpenID and OAuth, of course. What strategies are out there and how to plug the different middlewares is also taken care of. Logging is also discussed as part of the things the conscious developer should not neglect too, and general recommendations about it are given, recommendations that are good for any language or application platform, in any case, as the fact is that it is basically OWASP's guidelines that's being followed here.

The winston module for logging is the one chosen for specific node.js usage, here, as it seems to be the most favoured, although there are others, which is also why the author chose to tell the reader what to look for in modules to also make sure that these third-party pieces are also secure and well-managed.

The last two chapters are devoted to requests and to responses. The request chapter deals with request size limits, use of streams, and how they help protecting your app from attacks stemming from large payloads. Also how to monitor the event loop for health using node-toobusy module (sample taken from github). Then comes CSRF, input Validation (node-validator / express-validator).

Regarding the response layer, well-known stuff such as XSS, with several examples explaining what it is, and some simple scenarios, and DoS are explained. The XSS and related injections are probably the area that's explained more in-depth.

Then, the Helmet module is introduced as a way of mitigating risks with a series of specific http headers and mechanisms such as CSP (content security policy - check browser support here), HSTS, but which are embodied in specific headers anyway. Adequate examples of configurations for these headers are given.

With that this book comes to an end. All in all, it's not a bad book at all, but it is clearly oriented to the somewhat still novice node.js programmer, that might not be aware of all the good practices and security concerns alike that need to be taken care of in node.js / express apps. While I can't speak for anyone out there, I want to imagine that more experienced developers are familiar with the things discussed here, as they are mostly the most well-known tooling for these concerns. For those learning node or creating their first apps, I believe this is a valuable resource.
Ist diese Rezension hilfreich?   Wir wollen von Ihnen hören.
Kundenrezensionen suchen
Nur in den Rezensionen zu diesem Produkt suchen

Kunden diskutieren

Das Forum zu diesem Produkt
Diskussion Antworten Jüngster Beitrag
Noch keine Diskussionen

Fragen stellen, Meinungen austauschen, Einblicke gewinnen
Neue Diskussion starten
Thema:
Erster Beitrag:
Eingabe des Log-ins
 

Kundendiskussionen durchsuchen
Alle Amazon-Diskussionen durchsuchen
   


Ähnliche Artikel finden