Node Security -- Table of Contents -- Node Security -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Preface -- What this book covers -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Downloading the example code -- Errata -- Piracy -- Questions -- 1. Introduction to Node.js -- History of Node.js -- How Node.js differs? -- Securing Node.js applications -- Summary -- 2. General Considerations -- JavaScript security -- ES5 features -- Strict mode -- Object property descriptors -- Static program analysis -- Considerations for Node.js -- Callback errors -- EventEmitter error handling -- Uncaught exceptions -- Domains -- Process monitoring -- npm modules (third-party code) -- Summary -- 3. Application Considerations -- Introduction to Express -- Authentication -- HTTP Basic Authentication -- HTTP Digest Authentication -- Introducing Passport.js -- OpenID -- OAuth -- Authorization -- Security logging -- Error handling -- Summary -- 4. Request Layer Considerations -- Limiting the request size -- Using streams instead of buffering -- Monitoring the event loop's responsiveness -- Cross-site Request Forgery -- Input validation -- Summary -- 5. Response Layer Vulnerabilities -- Cross-site Scripting (XSS) -- Denial of Service -- Security-related HTTP headers -- Content security policy -- HTTP Strict Transport Security (HSTS) -- X-Frame-Options -- X-XSS-Protection -- X-Content-Type-Options -- Cache-Control -- Summary -- Index.