Skill up on Node.js Secure Coding
Master Node.js security and secure coding best practices through analyzing and exploiting real-world vulnerable npm packages.
Join Kyriakos, Sergio, Mateo, and hundreds of developers who learn from Liran Tal
Node.js Secure Coding: Defending Against Command Injection Vulnerabilities

- PDF & EPUB
- 106 Pages
- 12 Vulnerable npm Packages
- 33 Self-assessment Questions
- 10 Chapters
- Dark Mode SPECIAL EDITION
- Sale 30% OFF
- July 2023 edition
Node.js Secure Coding: Prevention and Exploitation of Path Traversal Vulnerabilities

- PDF & EPUB
- 117 Pages
- 7 Vulnerable npm Packages
- 40 Self-assessment Questions
- 11 Chapters
- Dark Mode SPECIAL EDITION
- Sale 30% OFF
- September 2023 edition
Developers Love Node.js Secure Coding
Read testimonials and learn what the developer community has to say about the books and their recommendations to follow Node.js Secure Coding practices.

Thomas Gentilhomme
Node.js lead at MyUnisoft, Node Security WG
I have finished reading Node.js Secure Coding from Liran Tal. I read the whole thing in an hour without realizing it. I learned and discovered a few things along the way. I laughed at the IFS, didn't see it coming.

Manuel Spigolon
Senior Software Developer at NearForm
Liran Tal, your book on Node.js security is an absolute gem! The abundance of real-world examples with commented fixes is incredibly valuable 👏 Your practical solutions have enlightened me, especially the discovery of the shell-quote module! Recommended to all Node.js developers!

Yoni Goldberg
Software Architect, Node.js Specialist
I wholeheartedly enjoyed working and learning from Liran's expertise in securing applications. With extensive experience speaking at global conferences and actively contributing code to the community, he is a true authority in the field. I highly endorse both his enlightening book and engaging workshop, as they are invaluable resources for anyone looking to enhance their understanding and implementation of application security.

Daniel Garcia
Cybersecurity & API Security Consultant
Liran Tal just published a new book about Node.js secure coding. It is worth taking a look at!

Eli (Tom) Lelonek
Application Security Manager at Allot
I highly recommend the new Node.js Secure Coding book published by Liran Tal. Covers not only Node.js but also gives you another perspective on how to achieve good and secure applications, especially with understanding and handling SAST vulnerabilities. Liran - CHAPEAU!

Marco Ippolito
Node.js Collaborator & Developer Experience Engineer @NearForm
Got my copy of Node.js secure coding! I already know I'll learn a lot 🔥
Master Node.js Security Through Hands-On Learning and Best Practices
Comprehensive learning path
Whether you're a beginner or an experienced JavaScript developer, this Node.js Secure Coding book takes a comprehensive approach to security. From basic terminology to an introduction to Command Injection, you'll learn about assorted patterns of insecure code observed in popular and well-known npm packages.
Hands-on learning
Unlike other security books that rely on theoretical examples, this book is based on real-world vulnerable code found in popular npm packages. You'll get hands-on experience reviewing and fixing security issues in these projects, learning practical security skills and Node.js secure coding best practices.
Best practices and practical takeaways
Each chapter ends with a summary of the lessons learned, highlighting best practices for securing your Node.js code and improving your overall security knowledge of Command Injection vulnerabilities.

Liran is a tireless advocate for security in the JS ecosystem. He works hard to build bridges, educate developers about security issues, and support Open Source projects working to improve their security posture. Liran has served on the Node security team and is always available to support developers!
OpenJS Foundation

What sets Liran Tal apart as an authority on secure coding in Node.js?
Security Analyst for the Node.js Foundation
In his role as a security analyst in the Node.js Foundation's Security Working Group, Liran reviewed hundreds of vulnerability reports for npm packages and established processes for responsible security disclosures and vulnerability triage.
Education is a core practice
Passionate about educating developers on application security and secure coding practices, Liran is an international speaker, workshop instructor, and author of several books on the subject. He occasionally speaks on software security topics at academic institutions, such as presenting to students at the Electrical and Computer Engineering School at Purdue University.
Award-winning GitHub Star ⭐️
Liran received the GitHub Star recognition award from GitHub for his work educating and inspiring developers.
Recipient of the Pathfinder for Security Award 🎖️
Honored with the OpenJS Foundation Pathfinder for Security Award, Liran is recognized for his work advancing Node.js security.
Security Researcher
An accomplished security researcher, Liran has disclosed security vulnerabilities in various open source software projects, including being credited with CVEs impacting npm packages.
Acclaimed Recognition at Black Hat
Liran's work on supply chain security research, including Lockfile Injection, was presented at the prestigious Black Hat Europe 2021 cybersecurity conference. Liran is also the creator of several developer security tooling projects such as npq, is-website-vulnerable, and snync, which help developers and enterprises defend against dependency confusion attacks.
About Liran Tal
Liran Tal is an accomplished software developer, respected security researcher, and prominent advocate for open source software in the JavaScript community. As an experienced author and educator, Liran has written several widely respected books on software security. These include "Serverless Security" published by O'Reilly, as well as the self-published titles "Essential Node.js Security" and "Web Security: Learning HTTP Security Headers". Liran's leadership in open source security includes significant contributions to OWASP projects, recording supply chain security incidents at the CNCF, and various OpenSSF initiatives. Currently, Liran is a developer advocate at Snyk where he empowers developers with the knowledge and tools needed to build and deploy secure software.
Hands-On Node.js Security
Master secure coding in Node.js with real-world vulnerable npm dependencies and experience secure coding and offensive security hacking first-hand.

