Tim Messerschmidt
Head of Developer Relations, International
Braintree
@Braintree_Dev / @SeraAndroid
Web European Conference
Node.js Authentication & Data Security
#NodeSecurity
@Braintree_Dev / @SeraAndroid #NodeSecurity
+ Braintree since 2013
Content
1. Introduction (this section)
2. Well-known security threats
3. Data Encryption
4. Hardening Express
5. Authentication middleware
6. Great resources
The Human Element
Top 10 Passwords 2014
1. 12345
2. password
3. 12345
4. 12345678
5. qwerty
6. 123456789
7. 1234
8. baseball
9. dragon
10. football
bit.ly/1xTwYiA
Honorary Mention
21. superman
24. batman
Authentication & Authorization
Content
1. Introduction
2. Well-known security threats (this section)
3. Data Encryption
4. Hardening Express
5. Authentication middleware
6. Great resources
OWASP Top 10
bit.ly/1a3Ytvg
1. Injection
2. Broken Authentication
3. Cross-Site Scripting (XSS)
4. Direct Object References
5. Application Misconfigured
6. Sensitive Data Exposed
7. Access Level Control
8. Cross-site Request Forgery (CSRF / XSRF)
9. Vulnerable Code
10. Redirects / Forwards
Content
1. Introduction
2. Well-known security threats
3. Data Encryption (this section)
4. Hardening Express
5. Authentication middleware
6. Great resources
Hashing: MD5, SHA-1, SHA-2, SHA-3
http://arstechnica.com/security/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/
Efficient Hashing: crypt, scrypt, bcrypt, PBKDF2
md5 vs bcrypt (10,000 iterations, times in seconds)
          user     system   total
MD5       0.07     0.0      0.07
bcrypt    22.23    0.08     22.31
github.com/codahale/bcrypt-ruby
Hashing Using Salt: algorithm(data + salt) = hash
Content
1. Introduction
2. Well-known security threats
3. Data Encryption
4. Hardening Express (this section)
5. Authentication middleware
6. Great resources
use strict
X-Powered-By
node-uuid: github.com/broofa/node-uuid
bcrypt: github.com/ncb000gt/node.bcrypt.js
A bcrypt generated Hash
$2a$12$YKCxqK/QRgVfIIFeUtcPSOqyVGSorr1pHy5cZKsZuuc2g97bXgotS
Generating a Hash using bcrypt
var bcrypt = require('bcrypt');

// cost factor 12: bcrypt generates the salt itself and embeds it in the hash
bcrypt.hash('parmigiano', 12, function(err, hash) {
  if (err) { throw err; }
  // store hash
});

// later, at login: compare the submitted password against the stored hash
// ('hash' is the value stored at signup)
bcrypt.compare('parmigiano', hash, function(err, res) {
  if (err) { throw err; }
  if (res === true) {
    // password matches
  }
});
csurf: github.com/expressjs/csurf
Using csurf as middleware
var csrf = require('csurf');
// cookie: false keeps the CSRF secret in req.session, so session middleware
// must be mounted before this
var csrfProtection = csrf({ cookie: false });

app.get('/form', csrfProtection, function(req, res) {
  res.render('form', { csrfToken: req.csrfToken() });
});

app.post('/login', csrfProtection, function(req, res) {
  // safe to continue: a request without a valid token never gets here
});
Using the token in your template
extends layout

block content
  h1 CSRF protection using csurf
  form(action="/login" method="POST")
    input(type="text", name="username", placeholder="Username")
    input(type="password", name="password", placeholder="Password")
    input(type="hidden", name="_csrf", value="#{csrfToken}")
    button(type="submit") Submit
Helmet: github.com/HelmetJS/Helmet
Using Helmet with default options
var helmet = require('helmet');

// pick individual protections …
app.use(helmet.noCache());
app.use(helmet.frameguard());
app.use(helmet.xssFilter());
…

// .. or use the default initialization
app.use(helmet());
Lusca: github.com/krakenjs/lusca
Applying Lusca as middleware
var lusca = require('lusca');

app.use(lusca({
  csrf: true,
  csp: { /* ... */ },
  xframe: 'SAMEORIGIN',
  p3p: 'ABCDEF',
  xssProtection: true
}));
Content
1. Introduction
2. Well-known security threats
3. Data Encryption
4. Hardening Express
5. Authentication middleware (this section)
6. Great resources
Types of Express Middleware
1. Application-level
2. Route-level
3. Error-handling
Writing Custom Middleware
var authenticate = function(req, res, next) {
  // check the request: either end it with an error response
  // or call next() to hand over to the next handler
  if (!req.user) {
    return res.status(401).send('Unauthorized');
  }
  next();
};

// use the middleware on a single route …
app.get('/form', authenticate, function(req, res) {
  // assume that the user is authenticated
});
// … or use the middleware for certain routes
app.use('/admin', authenticate);
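The three middleware kinds from the previous slide and the custom `authenticate` above, as an added example that is not from the deck: plain `(req, res, next)` functions plus a small stand-in for Express's dispatch so the whole thing runs without Express. `req.session.user`, `requireRole` and the route names are this example's own assumptions.

```javascript
'use strict';
// Added example, not code from the deck: the three middleware kinds the slide
// lists, written as plain (req, res, next) functions. Express calls middleware
// with exactly these arguments, so they can be passed to app.use() / app.get()
// unchanged; a small stand-in chain runs them here so no Express is needed.
// Assumption: a session middleware has set req.session.user = { id, roles }.

// Route- or application-level: refuse anything without a logged-in session.
function authenticate(req, res, next) {
  const user = req.session && req.session.user;
  if (!user) {
    // Stop the chain: the route handler behind this middleware never runs.
    return res.status(401).json({ error: 'authentication required' });
  }
  req.user = user;   // expose the identity to later handlers
  next();            // hand over to the next middleware or the route
}

// Factory for route-level authorization, e.g. app.use('/admin', requireRole('admin')).
function requireRole(role) {
  return function (req, res, next) {
    if (!req.user) return res.status(401).json({ error: 'authentication required' });
    if ((req.user.roles || []).indexOf(role) === -1) {
      return res.status(403).json({ error: 'forbidden' });
    }
    next();
  };
}

// Error-handling middleware is recognised by its four parameters. Log the
// real error on the server and send a generic body so internals never leak.
function errorHandler(err, req, res, next) {
  console.error('request failed:', err.message);
  res.status(err.status || 500).json({ error: 'internal error' });
}

// Minimal stand-in for Express's dispatch: runs handlers in order, and routes
// a thrown error or next(err) to the next four-parameter handler.
function runChain(handlers, req) {
  const res = {
    statusCode: 200, body: undefined,
    status: function (code) { this.statusCode = code; return this; },
    json: function (body) { this.body = body; return this; }
  };
  let i = 0;
  function next(err) {
    while (i < handlers.length) {
      const h = handlers[i++];
      if (err ? h.length !== 4 : h.length === 4) continue;   // skip the wrong kind
      try {
        return err ? h(err, req, res, next) : h(req, res, next);
      } catch (e) {
        return next(e);
      }
    }
    if (err) throw err;   // no error handler installed: surface it
  }
  next();
  return res;
}

// Example routes and constructed requests (no HTTP server involved).
function profile(req, res) { res.json({ hello: req.user.id }); }
function adminPanel(req, res) { res.json({ admin: req.user.id }); }
function broken(req, res) { throw new Error('db connection refused'); }

function demoMiddleware() {
  const anon = { session: {} };
  const alice = { session: { user: { id: 'alice', roles: ['user'] } } };
  const root = { session: { user: { id: 'root', roles: ['user', 'admin'] } } };
  return {
    anonProfile: runChain([authenticate, profile], anon).statusCode,                           // 401
    aliceProfile: runChain([authenticate, profile], alice).body,                               // { hello: 'alice' }
    aliceAdmin: runChain([authenticate, requireRole('admin'), adminPanel], alice).statusCode,  // 403
    rootAdmin: runChain([authenticate, requireRole('admin'), adminPanel], root).statusCode,    // 200
    crash: runChain([authenticate, broken, errorHandler], root)                                // 500, generic body
  };
}
```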
Passport: github.com/jaredhanson/passport
Setting up a passport strategy
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;

passport.use(new LocalStrategy(function(username, password, done) {
  User.findOne({ username: username }, function(err, user) {
    if (err) { return done(err); }
    if (!user) {
      return done(null, false, { message: 'Incorrect username.' });
    }
    if (!user.validPassword(password)) {
      return done(null, false, { message: 'Incorrect password.' });
    }
    return done(null, user);
  });
}));
Using Passport Strategies for Authentication
// Simple authentication
app.post('/login', passport.authenticate('local'), function(req, res) {
  // req.user contains the authenticated user
  res.redirect('/user/' + req.user.username);
});

// Using redirects
app.post('/login', passport.authenticate('local', {
  successRedirect: '/',
  failureRedirect: '/login',
  failureFlash: true
}));
Content
1. Introduction
2. Well-known security threats
3. Data Encryption
4. Hardening Express
5. Authentication middleware
6. Great resources (this section)
Passwordless Auth: medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb
OWASP Node Goat: github.com/OWASP/NodeGoat
Fast Identity Online: fidoalliance.org
Security Beyond Current Mechanisms
1. Something you have
2. Something you know
3. Something you are
"Favor security too much over the experience and you'll make the website a pain to use."
smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form
@SeraAndroid
tim@getbraintree.com
slideshare.com/paypal
braintreepayments.com/developers
Thank you very much!
