rafaelgeronimo
commented
6 years ago - [ ] Install and Require Helmet
- [ ] Hide Potentially Dangerous Information Using helmet.hidePoweredBy()
- [ ] Mitigate the Risk of Clickjacking with helmet.frameguard()
- [ ] Mitigate the Risk of Cross Site Scripting (XSS) Attacks with helmet.xssFilter()
- [ ] Avoid Inferring the Response MIME Type with helmet.noSniff()
- [ ] Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen()
- [ ] Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts()
- [ ] Disable DNS Prefetching with helmet.dnsPrefetchControl()
- [ ] Disable Client-Side Caching with helmet.noCache()
- [ ] Set a Content Security Policy with helmet.contentSecurityPolicy()
- [ ] Configure Helmet Using the ‘parent’ helmet() Middleware
- [ ] Understand BCrypt Hashes
- [ ] Hash and Compare Passwords Asynchronously
- [ ] Hash and Compare Passwords Synchronously