9.2: Security - Bootcamp

Search…

📅

Course Schedule

🛠

Course Logistics

Pairing Assignments

Required Hardware and Software

Course Methodology

Naming, Casing, and Commenting Conventions

Tools, Syntax, and Glossary

LinkedIn Education Badge

Recommended Resources

Sharing Code with Classmates

🏞

Projects

Project 1: Video Poker

Project 2: Server-Side App

Project 3: Full-Stack Game

Project 4: Full-Stack React App

Project 5: Group React App

Project 6: Capstone

0: Language and Tooling

0.0: Module 0 Overview

0.1: New JS Syntax

0.3: Reading Documentation

0.4: JS Object as Tally

0.5: Advanced Git

0.7: Thunder Client

0.8: JS Promises

0.9: VSCode Node Debugger

0.10: Introduction to Classes

0.ICE: In-Class Exercises

1: Frontend Basics

1.0: Module 1 Overview

1.2: DOM Review

1.3: High Card DOM

1.4: setTimeout

1.5: High Card setTimeout

1.6: Match Game

1.7: setInterval

1.9: Tic Tac Toe

1.10: Multi-File Refactor

1.11: CSS Control with DOM

1.ICE: In-Class Exercises

1.POCE: Post-Class Exercises

🌈

CSS

CSS.1: Basic CSS

CSS 1.2 CSS Classes, Id's and Inheritance

CSS 1.3: Cascading and Specificity

CSS.4: Responsive Design

CSS.5: Web Design Basics

CSS.6: Bootstrap

CSS.ICE: In-Class Exercises

CSS.POCE - Post-Class Exercises

2: Backend Basics

2.0: Module 2 Overview

2.1: My First Node.js Program

2.2: Command Line Programs

2.4: Disk Reading

2.5: Disk Writing

2.6: Disk Altering

2.7: Internet 101

2.8: Chrome Networking

2.9: HTTP Requests and Responses

2.10: HTTP File Server

2.11: Deploy Server to Cloud

2.12: Domain Names

2.ICE: In-Class Exercises

2.POCE: Post-Class Exercises

3: Backend Applications

3.0: Module 3 Overview

3.1: Express.js

3.3: SQL Language

3.4: SQL Applications

3.5: Authentication

3.ICE: In-Class Exercises

3.POCE: Post-Class Exercises

4: Backend Structure

4.0: Module 4 Overview

4.1: ORM, Sequelize

4.ICE: In-Class Exercises

4.POCE: Post-Class Exercises

5: Full-Stack Applications

5.0: Module 5 Overview

5.1: DOM Manipulation with Express App

5.ICE: In-Class Exercises

5.POCE: Post-Class Exercises

6: Frontend Infrastructure

6.0: Module 6 Overview

6.ICE: In-Class Exercises

7: React

7.0: Module 7 Overview

7.2: React Components

7.3: Using React with Express and Webpack

7.4: React State

7.5: Controlled Forms

7.6: Passing Data Between Sibling Components

7.7: Designing Component Hierarchy

7.8: Error Boundaries

7.9: React Dev Tools

7.ICE: In-Class Exercises

7.POCE: Post-Class Exercises

8: Advanced React

8.0: Module 8 Overview

8.1: Create React App

8.2: Higher-Order Components

8.3: Advanced State

8.4: React Router

8.5: Advanced useEffect

8.6: Styled Components

8.7: React Portals

8.8: React NPM Packages

8.9: React State Management

8.ICE: In-Class Exercises

8.POCE: Post-Class Exercises

9: Advanced Topics

9.0: Module 9 Overview

9.2.3: SQL Injection

9.4: React Native

9.5: ML - Bayes Theorem

9.6: GraphQL / React-Apollo

9.7: Web Sockets

9.8: CSS Animations

9.ICE: In-Class Exercises

9.POCE: Post-Class Exercises

🧮

Algorithms

A.0: Algorithms Overview

A.1: Intro to SWE Interviews

A.2: Intro to Python

A.3: Complexity Analysis, Big-O Notation

A.4: Interview Strategies

A.5: Data Structures

A.6: Binary Search

A.7: Sliding Windows

A.8: Object-Oriented Programming

A.10: Sorting Algorithms

A.11: Dynamic Programming

A.12: Bit Manipulation

A.13: Open Practice

💼

Interview Prep

IP.0: Interview Prep Overview

IP.1: Job Application Strategy

IP.3: Portfolio

IP.5: Negotiation

☺

User Experience

UX.2: The UX Process

UX.3: How to Design Your App

Algorithms (New)

Intro to Python

Intro to Algorithm Problem Sets

Data Structures

0: Language and Tooling Teaching Guide

1: Frontend Basics Teaching Guide

🌈

CSS Teaching Guide

CSS.5: Web Design Basics

CSS.4: Responsive Design

CSS.2.6: Layout: Columns & Cards

CSS 1.0: Basics

2: Backend Basics Teaching Guide

2.0: Module 2 Overview

3: Backend Applications Teaching Guide

4: Backend Structure Teaching Guide

5: Full-Stack Applications Teaching Guide

6: Frontend Infrastructure Teaching Guide

7: React Teaching Guide

8: Advanced React Teaching Guide

9: Advanced Topics Teaching Guide

🧮

Algorithms Teaching Guide

💼

Interview Prep Teaching Guide

☺

User Experience Teaching Guide

Powered By GitBook

9.2: Security

App security is an important aspect of anything that is on the internet. Depending on the type of application security could be a crucial aspect of the operation of an app.
How secure is it?
There is no such thing as a perfectly secure web application. The most secure software application that can be made would be installed on an air gapped computer in a hermetically sealed room. It would be difficult to even give input or get any output from this theoretical computer since every possible mode of interaction could introduce security vulnerabilities. (A computer can be vulnerable if someone can simply listen to a user typing on the computer).
Many security vulnerabilities will simply result from human behavior and for which there is no technical solution, e.g., users writing their passwords on post-its.​
Making an App Secure
The process of making an application secure involves applying industry best-practices, some of which we have already covered, such as hashing passwords. These best practices would also include organizational processes, such as limiting employees' access to sensitive company data. We won't be able to cover every single best practice here, as it also depends on which features are included into an app.
There are many resources on the web for application security:
​OWASP​
​Ruby on Rails Security​
​MDN​
Don't Trust User Input
The essential principle for security of web apps is: Don't Trust User Input. If this principle is followed when constructing any feature of the app then the attack surface will be reduced significantly. We'll define user input broadly as anything that the app receives in a request.
In the following examples we'll see some ways in which the user input was not treated as dangerous, which can lead to some wide-ranging consequences.
In general we'll also see that in order to exploit any security vulnerability the attacker must have comprehensive knowledge of how a web application system works, from HTTP to JavaScript, etc. That also means that in order to assure the security of an application, that person must also have a deep understanding of all levels of the application.
Sample App
For all the examples we'll be using this deployed express app: https://express-security-bootcamp.herokuapp.com/​
The code for this app is here: https://github.com/rocketacademy/express-security-bootcamp​

Last modified 2mo ago

Copy link

Contents

How secure is it?

Making an App Secure

Don't Trust User Input