Node.js Security and Architecture Flashcards

1
Q

What is OWASP?

A

Open Web Application Security Project.

A non-profit community that publishes free guidance on web application security, best known for the OWASP Top 10 list of the most critical web application risks. It is a useful resource for threat prevention advice.

2
Q

Name the three security risks that we studied that are applicable to Node.js

A

Code Injection

Cross Site Scripting (XSS)

Malicious Packages

3
Q

What is Code Injection?

A

Inserting ('injecting') data into an application, which is then interpreted as a command or as code instead of as data

A SERVER SIDE vulnerability

4
Q

How do you protect against Code Injection?

A

Validating Data - ensuring that the data you have received is of the correct type and shape before you use it (eg you expect a String but receive a JS object; a JSON body parser will happily produce { "$gt": "" } for a field, and a MongoDB driver interprets such an object as a query operator rather than as a value). Never pass user-supplied data to eval() or new Function().
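The "expecting a String but receiving a JS object" case made concrete. This is an added example, not code from the original flashcards: a login handler that receives a parsed JSON body (as express.json() would produce it) and builds a MongoDB-style filter from it. The request bodies are constructed sample input and no database is used; the code only builds the filter object the application would send, and checks whether a query operator has reached it.

```javascript
// Added example (not from the original deck). A JSON body parser hands the
// route handler whatever object the client sent, so a field the code assumed
// was a string can arrive as { "$gt": "" }. Dropped into a MongoDB filter,
// that object is interpreted as an operator ("greater than empty string",
// which matches any non-empty password) instead of as data.

// VULNERABLE: trusts the shape of the request body.
function buildLoginFilterUnsafe(body) {
  return { username: body.username, password: body.password };
}

// Validation helper: accept only a non-empty string of bounded length.
function requireString(value, name, maxLen = 256) {
  if (typeof value !== "string") {
    const got = Array.isArray(value) ? "array" : typeof value;
    throw new TypeError(`${name} must be a string, got ${got}`);
  }
  if (value.length === 0 || value.length > maxLen) {
    throw new RangeError(`${name} length must be between 1 and ${maxLen}`);
  }
  return value;
}

// HARDENED: validate type and size before the value can reach the query layer.
function buildLoginFilterSafe(body) {
  return {
    username: requireString(body?.username, "username"),
    password: requireString(body?.password, "password"),
  };
}

// Does a filter contain any key MongoDB would treat as an operator ($gt, $ne, $where, ...)?
function containsOperator(value) {
  if (Array.isArray(value)) return value.some(containsOperator);
  if (value === null || typeof value !== "object") return false;
  return Object.entries(value).some(([k, v]) => k.startsWith("$") || containsOperator(v));
}

// Constructed sample requests: a real login and the classic operator injection.
const LEGIT_BODY = { username: "alice", password: "hunter2" };
const ATTACK_BODY = { username: "alice", password: { $gt: "" } };

function demo() {
  let safeAttackRejected = false;
  try {
    buildLoginFilterSafe(ATTACK_BODY);
  } catch (e) {
    safeAttackRejected = e instanceof TypeError; // the object never becomes a query
  }
  return {
    unsafeLegit: containsOperator(buildLoginFilterUnsafe(LEGIT_BODY)),   // false
    unsafeAttack: containsOperator(buildLoginFilterUnsafe(ATTACK_BODY)), // true: operator reaches the query
    safeLegit: containsOperator(buildLoginFilterSafe(LEGIT_BODY)),       // false
    safeAttackRejected,                                                   // true
  };
}

console.log(demo());
```

The check is deliberately done on the type, not by stripping "$" from keys: rejecting the wrong shape outright is simpler to reason about than trying to repair attacker-controlled input.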

5
Q

What is XSS?

A

Cross Site Scripting

A specific type of injection attack - a CLIENT SIDE vulnerability (the injected code runs in the victim's browser, not on the server)

An attacker submits untrusted data containing script or markup, which the application later re-displays to other users without encoding it. Because it appears inside a legitimate page (eg a Facebook post or a fake listing on a shopping site), users trust it. The browser parses the injected content as if it were part of the application, so the attacker's code runs with that user's session.

6
Q

How do you protect against XSS?

A

Sanitising Input - check whether the input matches the expectation (type, length, allowed characters)

Never print input from a user to an HTML page without sanitising it: either escape it (encode the characters < > & " ' so the browser treats the value as text, not markup) or, where some HTML must be allowed, remove the undesirable parts of the markup with an allow-list

Use a trusted library to do this rather than writing your own
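The "never print user input to an HTML page without sanitising it" rule, shown on a stored comment. This is an added example and not code from the original deck: a vulnerable template that interpolates raw input beside the same template with every value escaped for its HTML context. The comment objects are constructed samples; markupFootprint is a crude helper written only for this demonstration to count the tags and attributes the rendered HTML contains, so the effect of the injected payload is visible without a browser.

```javascript
// Added example (not from the original deck). Escaping encodes the characters
// HTML assigns meaning to, so user text is rendered as text. It covers the
// HTML text and double-quoted attribute contexts used below; other contexts
// (JavaScript strings, URLs, CSS) need their own encoders, and rich text that
// must keep some tags needs an allow-list sanitiser library instead.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// VULNERABLE: string interpolation puts raw input into the document.
function renderCommentUnsafe(comment) {
  return `<li class="comment" data-author="${comment.author}">${comment.text}</li>`;
}

// HARDENED: every interpolated value is escaped for the context it lands in.
function renderCommentSafe(comment) {
  return `<li class="comment" data-author="${escapeHtml(comment.author)}">${escapeHtml(comment.text)}</li>`;
}

// Demo-only helper: count tag openings (<x or </x) and attribute starts (=")
// in the rendered HTML. The template itself has 2 tags and 2 attributes, so
// anything above that was introduced by the input.
function markupFootprint(html) {
  return {
    tags: (html.match(/<[a-zA-Z/]/g) || []).length,
    attrs: (html.match(/="/g) || []).length,
  };
}

// Constructed samples: a normal comment, and one that injects both an event
// handler attribute (via the author field) and a script element (via the text).
const BENIGN_COMMENT = { author: "bob", text: "Nice post!" };
const ATTACK_COMMENT = {
  author: 'x" onmouseover="alert(1)',
  text: "<script>alert(document.cookie)</script>",
};

function demo() {
  return {
    benignUnsafe: markupFootprint(renderCommentUnsafe(BENIGN_COMMENT)), // { tags: 2, attrs: 2 }
    attackUnsafe: markupFootprint(renderCommentUnsafe(ATTACK_COMMENT)), // { tags: 4, attrs: 3 }
    attackSafe: markupFootprint(renderCommentSafe(ATTACK_COMMENT)),     // { tags: 2, attrs: 2 }
  };
}

console.log(demo());
console.log(renderCommentSafe(ATTACK_COMMENT));
```

Template engines such as EJS (<%= %>), Pug and Handlebars ({{ }}) escape by default and require an explicit "raw" form to bypass it; the bug in practice is usually a developer reaching for that raw form, or building HTML by hand as renderCommentUnsafe does.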

7
Q

What is a Malicious Package?

A

Packages downloaded from npm that do not do what they say they do, or are malicious copies of legitimate packages (eg published under a name that is a typo of a popular package, known as typosquatting)

8
Q

Why are Malicious Packages dangerous?

A

When installing from npm, you:

  • execute code from someone else (install scripts such as postinstall run at install time, and the package's code runs inside your app)
  • expose your users to code not written by you, often to code that hasn't been written yet (libraries get updated, and a future version may behave differently from the one you reviewed)

By allowing others to run code on your machine with your user's privileges, you are giving them a lot of power

9
Q

How do you protect against malicious packages?

A

Check npm trust indicators (download counts, number of maintainers, last publish date, linked source repository)

Lock down the package version when installing (an exact version rather than a ^ or ~ range, plus a committed lockfile such as package-lock.json, so a new release cannot arrive silently)

Check for typos in the package name when installing
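Two of the three controls above can be checked mechanically before running npm install. This is an added example, not part of the original deck or of npm: it reads a package.json object, flags dependency specs that are ranges rather than exact versions, and flags names within a small edit distance of a well-known package without being that package. The manifest and the WELL_KNOWN list are constructed for the example; in practice the list would come from your own allow-list or lockfile, and a hit is a prompt to look at the npm trust indicators, not a verdict.

```javascript
// Added example (not from the original deck). Pre-install review of a manifest:
// "lock down the version" => flag non-exact specs; "check for typos" => flag
// names that are a short edit away from a well-known package.
const WELL_KNOWN = ["express", "lodash", "mongoose", "request", "axios", "chalk"]; // constructed list

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0]; // D[i-1][j-1]
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j]; // D[i-1][j]
      prev[j] = Math.min(
        prev[j] + 1,                                     // deletion
        prev[j - 1] + 1,                                 // insertion
        diag + (a[i - 1] === b[j - 1] ? 0 : 1)           // substitution / match
      );
      diag = tmp;
    }
  }
  return prev[b.length];
}

// An exact version is MAJOR.MINOR.PATCH (optionally with a prerelease tag) and
// no range operator such as ^, ~, >=, x or *.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function reviewManifest(manifest, wellKnown = WELL_KNOWN, maxDistance = 2) {
  const findings = [];
  const deps = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  for (const [name, spec] of Object.entries(deps)) {
    if (!EXACT_VERSION.test(spec)) {
      findings.push({ name, issue: "unpinned", detail: `spec "${spec}" is a range, not an exact version` });
    }
    for (const known of wellKnown) {
      const d = editDistance(name, known);
      if (d > 0 && d <= maxDistance) {
        findings.push({ name, issue: "possible-typosquat", detail: `looks like "${known}" (edit distance ${d})` });
      }
    }
  }
  return findings;
}

// Constructed manifest: one pinned dependency, one range, one suspicious name.
const SAMPLE_MANIFEST = {
  name: "demo-app",
  dependencies: { express: "4.19.2", lodash: "^4.17.21", expres: "1.0.0" },
};

console.log(reviewManifest(SAMPLE_MANIFEST));
```

Run against a real project with reviewManifest(JSON.parse(fs.readFileSync("package.json", "utf8"))). The edit-distance heuristic produces false positives for legitimately similar names, so treat a hit as a reason to run npm view on the package and inspect its maintainers, download counts and repository. For the pinning control itself, install with npm install --save-exact, commit package-lock.json (which also records an integrity hash for each package) and install in CI with npm ci so the lockfile is honoured rather than re-resolved.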

10
Q

What is ODM?

A

Object Document Mapping

Maps documents in a database to objects in the code
- exists for document-oriented databases (eg Mongoose for MongoDB); the counterpart of ORM (object-relational mapping) for relational databases

Provides an abstraction for the basic CRUD methods (create, read, update, delete) and other operations on documents

11
Q

What does using ODM mean in practice?

A

You can write code in your app's native language (eg JS) instead of the database's own query language

If used properly, the ODM will take care of object persistence (saving, loading and validating objects against a schema)

12
Q

How does ODM help to achieve a three-tier architecture?

A

It abstracts away the details of database calls, so the application (logic) tier works with models and objects while only the data tier knows how documents are stored and queried
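A miniature ODM to make the three cards on ODM concrete. This is an added example, not code from the original deck or from any real ODM library: a Schema declares field types, and a Model built from it exposes CRUD methods so application code handles plain objects and never touches the storage layer directly. The storage is a Map standing in for a document database; Mongoose over MongoDB fills the same role in a real Node.js app, with far more features. The User schema and the records created in demo() are constructed for the example.

```javascript
// Added example (not from the original deck): an in-memory ODM sketch.
// Application tier  -> Model (create / find / update / delete, schema casting)
// Data tier         -> a Map keyed by _id, standing in for the document store.
class ValidationError extends Error {}

class Schema {
  // definition: { fieldName: { type: String | Number | Boolean, required?: boolean } }
  constructor(definition) {
    this.definition = definition;
  }

  // Cast a raw object to the declared types, rejecting unknown fields and
  // wrong types instead of silently passing them through to the database.
  cast(raw) {
    const doc = {};
    for (const [field, rule] of Object.entries(this.definition)) {
      const value = raw[field];
      if (value === undefined) {
        if (rule.required) throw new ValidationError(`${field} is required`);
        continue;
      }
      const expected = rule.type === String ? "string" : rule.type === Number ? "number" : "boolean";
      if (typeof value !== expected) throw new ValidationError(`${field} must be a ${expected}`);
      doc[field] = value;
    }
    for (const field of Object.keys(raw)) {
      if (!(field in this.definition)) throw new ValidationError(`unknown field ${field}`);
    }
    return doc;
  }
}

// A Model maps between application objects and stored documents. Copies are
// returned so callers cannot mutate the store behind the model's back.
class Model {
  constructor(name, schema) {
    this.name = name;
    this.schema = schema;
    this.store = new Map();
    this.nextId = 1;
  }
  create(raw) {
    const doc = { _id: String(this.nextId++), ...this.schema.cast(raw) };
    this.store.set(doc._id, { ...doc });
    return doc;
  }
  findById(id) {
    const doc = this.store.get(id);
    return doc ? { ...doc } : null;
  }
  find(predicate = () => true) {
    return [...this.store.values()].filter(predicate).map((doc) => ({ ...doc }));
  }
  updateById(id, changes) {
    const current = this.store.get(id);
    if (!current) return null;
    const { _id, ...fields } = current;
    const next = { _id, ...this.schema.cast({ ...fields, ...changes }) }; // re-validate the merged document
    this.store.set(id, next);
    return { ...next };
  }
  deleteById(id) {
    return this.store.delete(id);
  }
}

// Application-tier usage: business logic sees objects, never database calls.
function demo() {
  const UserSchema = new Schema({
    username: { type: String, required: true },
    age: { type: Number },
    admin: { type: Boolean },
  });
  const User = new Model("User", UserSchema);

  const alice = User.create({ username: "alice", age: 31 });
  User.create({ username: "bob", admin: true });
  const updated = User.updateById(alice._id, { age: 32 });

  let rejected = false;
  try {
    User.create({ username: 42 }); // wrong type never reaches the store
  } catch (e) {
    rejected = e instanceof ValidationError;
  }
  return {
    count: User.find().length,                         // 2
    adults: User.find((u) => u.age >= 18).length,      // 1 (bob has no age)
    updatedAge: updated.age,                           // 32
    rejected,                                          // true
  };
}

console.log(demo());
```

Because every write passes through Schema.cast, the type expectations from the Code Injection card are enforced at the persistence boundary as well as at the request boundary; the two checks are not redundant, since the model cannot know what a given route considers valid input.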
