Sorry, not available in this language yet

English
日本語
简体中文

AppSec SaaS Platform | Integrated, cloud-based AST solution optimized for development and DevSecOps teams.
AppSec IDE Plug-ins | Secure code as you write it in your IDE
Software Risk Management | Manage application security programs at enterprise scale
DevSecOps Integrations | Integrate AppSec tools into DevOps workflows

Static Analysis (SAST) | Address security and quality defects in code as it's being developed
Software Composition Analysis (SCA) | Secure and manage open source risks in applications and containers
Interactive Analysis (IAST) | Automate web security testing within your DevOps pipelines
Dynamic Analysis (DAST) | Continuous web application security testing in production.
Penetration Testing | Identify business-critical vulnerabilities with on-demand testing expertise.
Protocol Fuzzing | Identify defects and zero-day vulnerabilities in services and protocols

Program Strategy & Planning | Measure, scale, and optimize your AppSec program
Threat & Risk Assessments | Understand and address internal and external security risks
Security Training | Equip development teams with the skills they need to produce more secure software
Implementation & Deployment | Optimize utilization, management and deployment of AppSec tools
Security Testing Services | On-demand AppSec testing resources and expertise

Open Source & Security Audits | Comprehensive technical due diligence services for M&A

AI-generated code | Harness the power of AI coding assistants while managing the risks
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Consolidation | Simplify your application security program
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud
Open Source License Compliance | Effective solutions for ensuring open source license compliance
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators

Dev and DevOps Teams | Build secure software while maintaining developer productivity and pipeline velocity.
Security Teams | Align people, processes, and technology to minimize software risk and transform your business.
Legal Teams | Solutions to protect your IP and manage risk.

Financial Services | Protect sensitive customer and financial data from rapidly evolving security threats.
IoT & Embedded | Ensure your embedded and IoT devices are safe, secure, and reliable.
Automotive | Build software security & reliability into the modern connected car.
Telecommunications | Create seamless and safe mobile experiences, from silicon to software.
Aerospace & Defense | Solutions for automating mission-critical development.
Public Sector | Application security for government agencies and their suppliers.
Medical Device | Safeguard medical devices and applications.

Hapi.js Security

Course Description

Hapi is not your typical server-side JavaScript framework. Hapi's creators put a lot of effort into making Hapi work for you instead of against you. In this course, we look at what that means for security. By the end of this course, you will have a thorough understanding of the Hapi-specific security aspects of building modern applications.

Learning Objectives

Illustrate how common vulnerabilities manifest themselves in Hapi applications
Prevent path traversal and XSS vulnerabilities in Hapi applications
Identify how Hapi supports authentication, session management, and authorization
Explain how OAuth 2.0 and OpenID Connect can be integrated into a Hapi application
Define security best practices for modern Hapi applications

Details

Duration: 1 hour 45 minutes

Level: Intermediate

Intended Audience:

Back-End Developers

Prerequisites:

Course Outline

Introduction

What Hapi Is All About

Security in the Hapi Framework

Hapi's Security Philosophy
Hapi Modules and Plugins
Hapi Hapi Joi Joi
Logging in Hapi

Configuring Security Headers

The Effect of Security Headers
Security Headers in Hapi
Overview of Current Best Practices

Serving Static Files

Serving Static Files
Path Traversal Vulnerabilities
Serving Directories with Inert
Custom Path Validation

Mitigating XSS in Hapi Views

Hapi and Templating Engines
Refresher on XSS
Overview of XSS Mitigations
Mitigating XSS in Handlebars Views
Mitigating XSS in React Views

User Authentication in Hapi

Integrated User Authentication
Delegating Authentication with OpenID Connect
Combining OpenID Connect with OAuth 2.0

Session Management in Hapi

Sessions in Modern Applications
Cookie-Based Sessions in Hapi
Securing Cookies
Securing Cookies Best Practices
Cookie Security in Hapi

Making Authentication Decisions

Enforcing Authorization
Authorization on Routes
Entities and Scopes
Implement an Internal Authorization Mechanism
Handling External Access Tokens

Conclusion

Hapi and Security
Security Headers
Serving Files
Mitigating XSS When Serving HTML
Authentication and Session Management
Authorization

Print to PDF

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster

Learn more about developer security training