Are you overwhelmed or intimidated by application security? Do you want to protect the security and privacy of your application's users but don't know where to start? Are you worried that your servers will get hacked one day?
This tech talk will demystify information security ("infosec") for developers, using hands-on code samples written in Node.js. You will not only work with live demos of insecure applications, but will also learn how to defend against attacks and write secure code.
Topics include:
• an overview of common security terms like DevSecOps, red team vs. blue team, and responsible disclosure
• guidance for locking down your laptop, mobile phones, and online accounts
• how to securely use developer tools like GitHub, Travis CI, and npm
• how to configure SSL/TLS when developing applications locally
• the different types of Cross-Site Scripting (XSS) attacks and how to mitigate them
• how to salt and hash passwords and securely use cookies in your application
• how to prevent information disclosure within your applications
• how to implement rate limiting to protect against brute force attacks
• how to configure common security headers, including HSTS (HTTP Strict Transport Security), Content Security Policy (CSP) and HPKP (HTTP Public Key Pinning)