Securing Node.js Applications Against Common Vulnerabilities
Best practices for protecting Node.js applications from common security threats such as XSS, SQL Injection, and CSRF.
Rule Content
{
"title": "Securing Node.js Applications Against Common Vulnerabilities",
"description": "Best practices for protecting Node.js applications from common security threats such as XSS, SQL Injection, and CSRF.",
"category": "Node.js Cursor Rules",
"rules": [
{
"id": "nodejs-secure-dependencies",
"description": "Regularly update and audit project dependencies to address known vulnerabilities.",
"recommendation": "Use tools like npm audit or Snyk to identify and resolve security issues in dependencies.",
"severity": "high",
"tags": ["security", "dependencies"]
},
{
"id": "nodejs-input-validation",
"description": "Validate and sanitize all user inputs to prevent injection attacks.",
"recommendation": "Implement input validation libraries such as Joi or express-validator to enforce strict data validation. Treat validation as a complement to, not a substitute for, parameterized queries and context-appropriate output encoding, since allow-listed input can still be unsafe when interpolated into SQL or HTML.",
"severity": "critical",
"tags": ["security", "input-validation"]
},
{
"id": "nodejs-authentication",
"description": "Implement strong authentication mechanisms to protect user accounts.",
"recommendation": "Use secure password hashing algorithms like bcrypt and consider implementing multi-factor authentication (MFA).",
"severity": "critical",
"tags": ["security", "authentication"]
},
{
"id": "nodejs-https-enforcement",
"description": "Enforce HTTPS to secure data transmission between clients and the server.",
"recommendation": "Obtain and configure SSL/TLS certificates to enable HTTPS and redirect all HTTP traffic to HTTPS.",
"severity": "high",
"tags": ["security", "https"]
},
{
"id": "nodejs-secure-headers",
"description": "Set secure HTTP headers to protect against common web vulnerabilities.",
"recommendation": "Use middleware like Helmet to configure headers such as Content Security Policy (CSP) and X-Frame-Options.",
"severity": "high",
"tags": ["security", "http-headers"]
},
{
"id": "nodejs-rate-limiting",
"description": "Implement rate limiting to prevent brute-force attacks and abuse.",
"recommendation": "Use middleware like express-rate-limit to limit repeated requests to public APIs and endpoints.",
"severity": "medium",
"tags": ["security", "rate-limiting"]
},
{
"id": "nodejs-csrf-protection",
"description": "Protect against Cross-Site Request Forgery (CSRF) attacks.",
"recommendation": "Implement anti-CSRF tokens using middleware like csurf to ensure that state-changing requests originate from your site; note that csurf is no longer maintained, so confirm the middleware you choose is actively supported, and pair tokens with the SameSite cookie attribute as a second layer.",
"severity": "high",
"tags": ["security", "csrf"]
},
{
"id": "nodejs-error-handling",
"description": "Handle errors securely to prevent information leakage.",
"recommendation": "Avoid exposing detailed error messages to users; log errors internally and provide generic error responses.",
"severity": "medium",
"tags": ["security", "error-handling"]
},
{
"id": "nodejs-session-management",
"description": "Implement secure session management practices.",
"recommendation": "Use secure, random session IDs and configure session cookies with attributes like HttpOnly, Secure, and SameSite; regenerate the session ID after login so a pre-authentication session cannot be fixed by an attacker.",
"severity": "high",
"tags": ["security", "session-management"]
},
{
"id": "nodejs-logging-monitoring",
"description": "Implement logging and monitoring to detect and respond to security incidents.",
"recommendation": "Use logging libraries to monitor application behavior and set up alerts for suspicious activities; never write secrets, session tokens, or raw credentials to logs, since log stores are a common source of credential leakage.",
"severity": "medium",
"tags": ["security", "logging", "monitoring"]
}
]
}