Let’s use Helmet, the must-have tool to safeguard your Express.js apps

Security is everyone’s responsibility. Helmet protects your Node.js application from some obvious threats. When writing a Node.js + Express.js application, always use Helmet to safeguard your application or API from common security risks like XSS by setting security response headers such as Content Security Policy, among others.

In this article, we will see how we can add Helmet to an existing API and how it bolsters the security of the application. Let’s get started!

Table of Contents

· Web application security
· Handy OWASP cheat sheets
· Node.js Web application security
· Example Express Js application
· Express without Helmet Js
· Express Helmet to the rescue
· Helmet js with sane defaults
· Response headers for security
  ∘ Content Security Policy
  ∘ Expect Certificate Transparency
  ∘ Referrer Policy
  ∘ Strict Transport Security
· Quick scan
· Before Express Helmet
· After Express Helmet
· Conclusion

#programming #nodejs #security #javascript
