Hardening nodeJS site security with HTTP headers

[shedar]

Title

Hardening nodeJS site security with HTTP headers

Description

It will be an overview of HTTP headers which are designed to prevent different attacks and how to add them to your nodeJS application (such as X-Frame-Options, X-Content-Type-Options, etc.). Most of them are not as popular and well-known as it should be. Some of them can now be used by more sites with free HTTPS certificates from Let's Encrypt (e.g. HSTS). For each HTTP header, I'll describe the following:

• short description
• header options
• an example of an attack on a site without this header (brief description, without exploit code)
• how to use it with nodeJS application
• edge cases

  Learning objectives

• Understand how to improve site security with HTTP headers
• How to use them with nodeJS application
• How to add them to an existing site and don't break pages which violate strict security policies.

  City of residence

Chernihiv, Ukraine

[gergelyke]

Hello Oleg!

We really, really thank you for your participation in the Call for Proposal for NodeConf Budapest 2017!

We're sorry to tell you, that although your topic was really great, it didn't get accepted to our event this year. It wasn't an easy decision, and it took a while for us, but with all the factors that influenced us during the selection process, it had to be made.

To compensate this sad news a bit, we would like to invite you to come as an attendee! As an appreciation for the effort you already made to make this event great, we'd like to give you a ticket with a 20% discount: https://ti.to/risingstack/nodeconf-budapest/discount/thanks-for-your-cfp

We hope you can make it!