https://github.com/buzzcosm/ztm-course-exercises-nodejs-security-example
Security Example
2fa-security helmetjs security ssl tls ztm ztm-course-exercises
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/buzzcosm/ztm-course-exercises-nodejs-security-example
- Owner: buzzcosm
- Created: 2024-11-27T22:15:13.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-12-08T15:00:53.000Z (5 months ago)
- Last Synced: 2025-02-02T07:28:44.240Z (4 months ago)
- Topics: 2fa-security, helmetjs, security, ssl, tls, ztm, ztm-course-exercises
- Language: JavaScript
- Homepage:
- Size: 29.3 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Security Example
`ZTM` Udemy Course - [Complete NodeJS Developer](https://www.udemy.com/course/complete-nodejs-developer-zero-to-mastery).
## Prerequisite
- `Node.js` is installed
- Preferred code editor/IDE is installed (for example: `vscode`)
- Terminal is ready

Original source on GitHub [here](https://github.com/odziem/security-example).
## Description
Exercises for Security Example.
## Open SSL
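Create a self-signed certificate (`cert.pem`) and private key (`key.pem`), valid for 365 days. The `-nodes` option leaves the private key unencrypted on disk: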
```shell
openssl req -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365
```
## Process
Install npm packages:
```shell
npm install
```
Run node application:
```shell
npm start
```
```shell
npm run dev
```
Clean packages:
```shell
npm run clean
```
Check vulnerabilities:
```shell
npm audit
```
Fix vulnerabilities if needed:
```shell
npm audit fix
```
## Useful references
- [wireshark](https://www.wireshark.org/)
- [Let's Encrypt](https://letsencrypt.org/)
- [Wikipedia - Self-signed certificate](https://en.wikipedia.org/wiki/Self-signed_certificate)
- [openssl](https://openssl.org/)
- [helmet.js](https://helmetjs.github.io/)
  - My Docs: [helmet.md](./docs/helmet.md)
- Get a free CA-signed certificate
  - [Let's Encrypt](https://letsencrypt.org/)
  - [ZeroSSL](https://zerossl.com/)
  - [SSL For Free](https://www.sslforfree.com/)
- Security
  - [Cross-Site Scripting (XSS)](https://www.blackduck.com/glossary/what-is-cross-site-scripting.html#:~:text=Definition,the%20user%20to%20click%20it.)
  - [okta - article: authentication vs authorization](https://www.okta.com/identity-101/authentication-vs-authorization/#:~:text=Authentication%20confirms%20that%20users%20are,and%20access%20management%20(IAM).)
  - My Docs: [Two-Factor Authentication (2FA)](./docs/two-factor-authentication.md)
  - [JWT - JSON Web Tokens Standard](https://jwt.io/)
    > **Warning**: JWTs are credentials, which can grant access to resources. Be careful where you paste them! We do not record tokens, all validation and debugging is done on the client side.
  - [okta: What is OAuth 2.0](https://auth0.com/intro-to-iam/what-is-oauth-2)
  - [okta: OAuth 2.0 Flow](https://auth0.com/docs/get-started/authentication-and-authorization-flow/which-oauth-2-0-flow-should-i-use)
## Interesting Stuff
- [BOOMERANG - A simple testing tool to debug your APIs](https://boomerangapi.com/)
- [akamai - mPulse Boomerang](https://techdocs.akamai.com/mpulse-boomerang/docs/welcome-to-mpulse-boomerang)
- [Mozilla: HTTP response status codes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status)
- [Google Cloud Platform (GCP)](https://cloud.google.com/gcp)
- [Auth for Generative AI Applications](https://www.auth0.ai/)
- [okta: Homepage - Everything starts with Identity](https://www.okta.com/)