With billions of people using the Internet, the potential for nefarious or outright criminal users hitting your site is very high. With attacks such as MITM, CSRF, script injection, and clickjacking, to name a few, it is imperative that we as developers understand these exploits: how they work, how they can be stopped, and how to implement the code or setup to stop them. As developers, we tend to focus on the core of what our application does. Unfortunately, security tends to be overlooked or is, at best, an afterthought.
In this talk, we will explore the OWASP top web application security flaws, including how they work and best practices for protecting your application from them. The focus will be on Express web applications in Node, but the principles shown can be applied to any framework or environment.