Hapi.js Security

Description

Hapi.js is a great choice for a server-side framework because of its first-level support for common security practices. In this microcourse, you will learn about the top 10 Hapi security best practices, which will help to arm you with the knowledge required to keep your Hapi applications locked down. 

Learning Objectives

  • Securely serve static resources 
  • Prevent XSS injections with secure templates 
  • Secure cookies with defined best practices 
  • Perform proper content validation 
  • Protect against CORS and CSRF attacks 
  • Implement a strong content security policy

Course Outline

  • Course Overview
  • Best Practice: Securely Serve Your Static Resources 
  • Best Practice: Use a Trusted Cross-Site Scripting (XSS) Sanitizer
  • Best Practice: Use Secure-Handlebars When Possible 
  • Best Practice: Control Sources of Content 
  • Best Practice: Secure Your Cookies 
  • Best Practice: Validate Everything With Joi 
  • Best Practice: Protect Requests With the Crumb Plugin 
  • Best Practice: Whitelist Allowed Domains Using CORS 
  • Best Practice: Implement a Strong Content Security Policy (CSP) Early 
  • Best Practice: Protect IE Users With X-Download-Options

Details

Duration: 10 minutes

Level: Intermediate

Intended Audience:

  • Back-End Developers
  • Enterprise Developers

Competencies: Basic understanding of the Hapi.js framework

Prerequisites: None