Here are some best practices to make your NodeJS application secure:

  • Limit the number of concurrent requests through middleware such as cloud firewalls, cloud load balancers, or rate-limiting middleware in the application itself.
  • Set secure HTTP response headers to harden the application and block attacks such as XSS and clickjacking.
  • Use a secure, salted hashing function such as bcrypt to store passwords, API keys, and secrets instead of the general-purpose hashes in the Node.js crypto library.
  • Limit brute-force authorization attacks by capping the number of failed login attempts and banning the offending IP address once that limit is reached.
  • Limit your payload size by using a reverse proxy or a middleware.
  • Avoid pushing secrets onto the npm registry.
  • Use cookies securely.
  • Ensure the security of all your dependencies.
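The login-throttling, secure-header and payload-size items above, as an added JavaScript example that is not from the original post. The header values, the limits and the in-memory store are assumptions (a real deployment would share the ban state across instances, for example in Redis).

```javascript
// Added example: login throttling, secure headers and a payload cap, written as
// plain functions so they can be unit-tested and reused in any Node.js middleware.

const MAX_FAILED_ATTEMPTS = 5;      // assumed: failures allowed per IP before a ban
const BAN_MS = 15 * 60 * 1000;      // assumed: how long a banned IP stays blocked
const MAX_BODY_BYTES = 100 * 1024;  // assumed: request bodies above this are rejected

// Response headers that mitigate XSS, clickjacking and MIME sniffing.
const SECURE_HEADERS = Object.freeze({
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
  'Referrer-Policy': 'no-referrer',
});

// Works with any object exposing setHeader(name, value), e.g. http.ServerResponse.
function applySecureHeaders(res) {
  for (const [name, value] of Object.entries(SECURE_HEADERS)) res.setHeader(name, value);
}

// Cheap up-front check on Content-Length; a reverse proxy should enforce the same
// limit before traffic reaches Node. Missing or malformed lengths are not rejected here.
function exceedsPayloadLimit(headers, limitBytes = MAX_BODY_BYTES) {
  const len = Number(headers['content-length']);
  return Number.isFinite(len) && len > limitBytes;
}

// Per-IP failed-login counter with a temporary ban. The clock is injectable
// so the expiry logic can be tested without waiting.
class LoginLimiter {
  constructor(now = Date.now) { this.now = now; this.state = new Map(); }
  isAllowed(ip) {                       // true while the IP may still attempt a login
    const s = this.state.get(ip);
    if (!s || !s.bannedUntil) return true;
    if (this.now() >= s.bannedUntil) { this.state.delete(ip); return true; }
    return false;
  }
  recordFailure(ip) {                   // call after a failed password check
    const s = this.state.get(ip) || { failures: 0, bannedUntil: 0 };
    s.failures += 1;
    if (s.failures >= MAX_FAILED_ATTEMPTS) s.bannedUntil = this.now() + BAN_MS;
    this.state.set(ip, s);
    return s.failures;
  }
  recordSuccess(ip) { this.state.delete(ip); }   // a good login clears the counter
}
```

Log the ban events as well as enforcing them; a burst of bans from many addresses against one account is a useful detection signal in its own right.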
BY Best Interview Question ON 04 Nov 2020