THE BEST TWO WAYS TO SECURE YOUR WEB APP

arosebine

Arowolo Ebine

Posted on August 3, 2022


Validate User Inputs:

Injection-based attacks come in many forms; XSS, SQL injection, host header injection, and OS command injection are a few examples.

Injection-based attacks have over the years made their way into the OWASP (Open Web Application Security Project) and SANS Top 25 CWE (Common Weakness Enumeration) lists many times.

So, in web development, we need to validate all inputs before the application processes the data, in order to mitigate injection-based attacks.

For example, the phone number field, password field, and name field must only accept an expected format, allowing a specific set of numeric and special characters and nothing else.
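The allowlist approach described above, as an added example for a Node.js handler (not code from the original post): each field gets an explicit format, and anything outside it is rejected before the data reaches a database or shell. The exact formats and the sample inputs are assumptions for illustration.

```javascript
// Added example: allowlist validation of user input fields.
// Formats are assumptions for illustration; adjust to your own requirements.
const RULES = {
  // Phone: optional "+", then 7 to 15 digits, nothing else.
  phone: { pattern: /^\+?[0-9]{7,15}$/, maxLen: 16 },
  // Name: letters (including accented), spaces, apostrophes and hyphens only.
  name: { pattern: /^[\p{L}][\p{L} '-]{0,79}$/u, maxLen: 80 },
  // Password: 12 to 128 printable ASCII characters (strength is checked separately).
  password: { pattern: /^[\x21-\x7E]{12,128}$/, maxLen: 128 },
};

// Validate one field. Returns an error string, or null when the value is acceptable.
function validateField(field, value) {
  const rule = RULES[field];
  if (!rule) return `unknown field: ${field}`;
  if (typeof value !== 'string') return `${field}: must be a string`;
  if (value.length > rule.maxLen) return `${field}: too long`;
  if (!rule.pattern.test(value)) return `${field}: invalid format`;
  return null;
}

// Validate a whole request body. Unknown keys and missing keys are both errors,
// so the handler only ever sees exactly the fields it expects.
function validateBody(body) {
  const errors = [];
  for (const key of Object.keys(body)) {
    const err = validateField(key, body[key]);
    if (err) errors.push(err);
  }
  for (const key of Object.keys(RULES)) {
    if (!(key in body)) errors.push(`${key}: missing`);
  }
  return errors;
}

// Constructed sample inputs: one clean body, one carrying an SQL-style fragment,
// a script tag, and a too-short password.
const goodBody = { phone: '+2348012345678', name: "Mary O'Neil", password: 'Tr0ub4dor&3!xyz' };
const badBody = { phone: "1' OR '1'='1", name: '<script>alert(1)</script>', password: 'short' };

console.log(validateBody(goodBody)); // []
console.log(validateBody(badBody));  // three "invalid format" errors
```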


Managing Application Secrets:

Another crucial way to secure a web app is to manage its sensitive secrets, such as database connection strings, API keys, and credentials; this is mandatory in any application.
Therefore, we should stop keeping these secrets in the codebase at all costs and follow standard rules and methods for storing them.

For example, you can use environment variables of the operating system to store this sensitive information, and read those environment variables from Node.js.

However, there are instances where the application requires more than one variable to be set. At that point, the best way to manage secrets is to use the dotenv package.

You can easily install it using npm or Yarn as follows:

NPM

```bash
npm install dotenv
```

Yarn

```bash
yarn add dotenv
```

Then, create a .env file at the project root and define all the secrets in that file.

```
NODE_ENV=development
MONGODB_URL="mongodb_url:uerbsf@kgeyfdop_jhf"
PORT=3000
USERNAME=secret123
PASSWORD=secret123@
```

Finally, you can require and use these secrets in the application like below:

```javascript
// Load the variables from .env into process.env before anything reads them.
require('dotenv').config();
const mongoose = require('mongoose');

// mongoose.connect() takes the connection URL first and options second;
// the credentials come from the environment, nothing is hard-coded.
mongoose.connect(process.env.MONGODB_URL, {
  user: process.env.USERNAME,
  pass: process.env.PASSWORD,
});

// PORT is for the HTTP server (e.g. app.listen(process.env.PORT)), not the database driver.
```

Note that dotenv does not overwrite variables that are already set in the environment, and USERNAME is pre-set on Windows, so a project-specific name such as DB_USERNAME avoids surprises.

Most importantly, make sure to add the .env file to .gitignore to prevent it from being pushed to the Git repository.
