authors: "jamestewartjr"
team_size: 2
goal_id: -
title: To Do List Security, Linting, and Deployment
created_at: -
labels: practice
published: false
level: '2'
redirect_from: "/goals/-"
To Do List Security, Linting, and Deployment
Challenge Rating
This goal will likely be within your ZPD if you...
Can build basic websites with HTML, CSS & JavaScript
Have familiarity with SQL
Can build full-stack web applications with Express and Postgres
Can install and use frameworks and libraries in your applications
Are comfortable jumping into a new codebase
Are familiar with software testing
Are familiar with testing tools for the Node.js environment
Are interested in building full-stack web applications
Are interested in improving testing skills
Are interested in website security
Are interested in linting your code
Are interested in deployment
Description
In this goal, you will hack a simple to-do list app, exploiting the site's XSS, CSRF, and SQL injection vulnerabilities. Along the way, you will lint the code and deploy the web app.
This goal is a great introduction to learning why website security is important and why developers should think about adding these protections for their users.
You'll be working with the [Express][npm-express] library for Node.js to help you scaffold and build the server-side logic of your application.
Most learners have used [Postgres][postgres] for their database and [pg-promise][npm-pg-promise] for connecting to a Postgres database from a Node.js app.
Context
At Learners Guild, the goal is to become a talented creator of full-stack web applications. This project is an excellent opportunity to see how all your various skills will come together to defend against security attacks.
When working on this goal, you'll encounter questions such as:
How can you make your code readable for you and other developers?
How does the way your code is written expose your users to vulnerabilities?
When and where will users run into errors, and how should the app respond to them?
What are deployment and continuous integration?
What is the UI needed to satisfy this user story?
Specifications
[ ] The application is linted with ESLint
[ ] Project has a configured ESLint file.
[ ] Code for each project meets formatting specs in ESLint file.
[ ] Application has a command to lint code (example: $ npm run lint).
[ ] The application is deployed to Heroku.
[ ] All tests are passing.
[ ] Application has a command to deploy to production (example: $ npm run deploy).
[ ] Link to deployed application on Heroku is included in README.
[ ] README includes “How to Deploy” instructions (setting environment variables, configuring databases, etc.)
[ ] Continuous integration is configured.
[ ] CI status badge is added to the README (example: Circle CI docs on status badge).
[ ] CI is integrated with GitHub to run tests with each new pull request.
[ ] The application uses a deploy hook (Heroku’s built-in Deploy Hooks is a good option) to send an email or Slack message with each new deploy.
[ ] Where appropriate, tests are updated to match refactored code.
[ ] The artifact produced is properly licensed, preferably with the [MIT license][mit-license].
Stretch
[ ] Users can rearrange to do list items.
[ ] Users can create multiple to-do lists.
[ ] Users have their own account and can sign up and log in/out.
Resources
Tools