Node.js – tools/packages/practices for building a secure, high-performance API with quality code

Contents: Code standard and styling > Security > Performance

In this article, we will take a look at some important aspects to consider while developing Node.js applications, and the tools/packages/practices that can be used to achieve them. Understanding and using these will help you build a secure web application that is well structured, well documented and has very high performance.

Code standard and styling

Tool – Linters (ESLint/JSLint/TSLint)

Linters are static code analysis tools that check for static code issues such as styling errors, poorly structured code and unsafe code. Linters help enforce a certain set of coding rules and help avoid static errors such as an absence of strict type checking, mismatched imports or undefined variable usage. Static code analysis is analyzing the code for errors/faults in coding rule implementation before running the code. Dynamic code analysis is performed once the code is running.

The most commonly used styling modules are Airbnb/JavaScript and GitHub/JavaScript. You have to integrate the linting plugin into the editor you are using (e.g. Visual Studio Code/Sublime Text). The linter will show linting errors like the following.

ESLint and JSLint are used with JavaScript. TSLint is used with TypeScript. An example…

Guidelines for building a secure Web application/Mobile application – Part 1 Front-end

Security is the biggest concern while building web applications. Most web applications handle a lot of sensitive data, and it is necessary to provide adequate security to protect this data from perpetrators. This series of articles discusses various security issues, types of attacks and guidelines to be followed for building a secure application.

Front-end

The basic security features that should be implemented in every web application front-end are as follows.

Request Method – All sensitive data should be sent to the server via a POST request only. All form submissions should be via the POST method. The GET method sends the data to the server in the URL, whereas the POST method sends the data in the body of the request. Thus, sending the form submission data via the POST method makes the data less exposed. The GET method should be used to fetch data only. While doing data pagination, the page number or limit can be sent to the server via a GET request. Sensitive data should only be sent via a POST request. Examples of sensitive data are passwords, usernames, customer details, OTPs, bank account numbers, etc.

Validations must be performed on every input.

Validations – Validations should be ensured on all inputs…
