If you are a back-end or a full-stack (web) developer, you have probably heard terms such as DOS attacks, XSS, SQL/NoSQL injection attacks and similar.

You might already know that these attacks are very harmful and that you need to make your application (or API) as secure as you can. But how exactly?

In this article I will show you some of the best practices that you can implement in your own projects to make your app, or just an API, secure. But first, if you are not familiar with these attacks, let’s break them down one by one!


Denial-Of-Service (DOS) Attacks

A DOS attack crashes or shuts down a network or machine, making it inaccessible, which means, for example, that users won’t be able to access your application. The attacker accomplishes this by constantly sending requests, creating traffic and sending large amounts of all kinds of information.

With DOS attacks, attackers can either make your service slower or **crash it** entirely.

Cross-Site Scripting (XSS) Attacks

XSS attacks are a type of injection. Attackers inject malicious code in the form of a browser-side script. They usually occur through input forms, when the input from those forms is not validated or encoded.

With XSS attacks, an attacker can gain access to cookies, session tokens and/or other sensitive data. These scripts can also rewrite the HTML content of a page.
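To make "validated or encoded" concrete, here is an added example (not code from the original article) that renders a comment from a form first without any encoding and then with validation and HTML encoding. The function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example, not from the original article. All names are hypothetical.

// Characters that let text break out of an HTML text node or a quoted attribute.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode untrusted text for the HTML body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validate a display name from a form: type, length and allowed characters.
function validateDisplayName(input) {
  if (typeof input !== 'string') return { ok: false, reason: 'not a string' };
  const name = input.trim();
  if (name.length < 1 || name.length > 40) return { ok: false, reason: 'bad length' };
  if (!/^[\p{L}\p{N} _.'-]+$/u.test(name)) return { ok: false, reason: 'bad characters' };
  return { ok: true, value: name };
}

// BEFORE: form input is concatenated into the page unchanged.
function renderCommentUnsafe(author, text) {
  return `<li><b>${author}</b>: ${text}</li>`;
}

// AFTER: the name is validated, and every value is encoded at output time.
function renderCommentSafe(author, text) {
  const checked = validateDisplayName(author);
  const safeAuthor = checked.ok ? escapeHtml(checked.value) : 'anonymous';
  return `<li><b>${safeAuthor}</b>: ${escapeHtml(text)}</li>`;
}

// Constructed sample input, as it might arrive from a comment form.
const sampleAuthor = "O'Brien";
const sampleText = '<script>alert(1)</script>';

console.log(renderCommentUnsafe(sampleAuthor, sampleText)); // markup reaches the page as HTML
console.log(renderCommentSafe(sampleAuthor, sampleText));   // markup is displayed as plain text
```

Validation rejects input that does not look like a name, but the encoding step is what stops the browser from treating the text as markup, so it is applied even to values that passed validation.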
