

Building Secure Node.js Applications - bherbstman
http://blog.safaribooksonline.com/2014/03/12/building-secure-node-js-applications/

======
OWaz
One thing I started to use in Express is Helmet[1] (written by the author of
the article).

Also, I started going through Troy Hunt's course on Pluralsight, which is a real
eye-opener.[2]

[1]: https://github.com/evilpacket/helmet
[2]: http://www.troyhunt.com/2013/08/its-time-to-hack-yourself-first-with.html

------
GeneralMayhem
Nothing here is Node-specific. I don't mean that as an attack on the article,
just an observation - keeping careful track of where your 3rd-party
dependencies are coming from and running tests are good ideas for any
application, particularly one open to a network.

~~~
sanderjd
The Node-specific things are the actual tools he points to that help with
that, which I thought were pretty neat.

------
Fasebook
First step, don't use JavaScript or derivative technologies. Oh wait, you
can't avoid using JavaScript. I guess it's that, or we don't make any money,
we use JavaScript. I wonder how Amazon avoided using JavaScript for so long.
Oh yeah, 10,000 engineers and military cooperation. Good luck on making a
"secure" site that conforms to any standard of the last 10 years!

~~~
yukichan
How does Amazon use the military? I don't understand.

~~~
jmnicolas
I think he refers to the contract they have to build a cloud for the CIA.

