Securing Express Applications
Learn how to defend against malicious attacks and improve user experiences using sessions, cookies, and password authentication.
Includes JavaScript, Node.js, Express.js, Sessions, Cookies, OAuth 2.0, SQL Injection, XSS, CSRF, and more.
Skill level: Intermediate
Time to complete: 8 hours (average based on combined completion rates; individual pacing in lessons, projects, and quizzes may vary)
Certificate of completion: Yes
Prerequisites: 2 courses
We suggest you complete the following courses before you get started with Securing Express Applications:
- Learn Node.js
- Learn Express
About this skill path
From malicious threat actors to curious teenagers, hacking attempts and cyber attacks are coming from every angle. Using the OWASP Top Ten as a guide, learn to protect your users, and yourself, from threats to your Express and Node.js applications. Strong authentication and authorization practices, properly protected data, and secure code will protect your web app from these constant threats.
Skills you'll gain
- Use basic authentication techniques
- Secure applications with OAuth 2.0
- Avoid SQL injection, XSS, & CSRF attacks
Syllabus
5 units • 11 lessons • 5 projects • 14 quizzes
- 1. Introduction to Securing Express Applications
  Learn best practices for securing web applications.
- 2. User Authentication & Authorization
  In this course, you’ll learn how to implement User Authentication and Authorization in an Express web application.
- 3. Data Security
  Learn how to secure data in your Express application.
- 4. Defending Node Applications from SQL Injection, XSS, & CSRF Attacks
  Protect Node.js Applications from SQL Injection, CSRF, & XSS Attacks.
- 5. Review: Securing Express Applications
  Review how to secure an Express application.
Projects in this skill path
- Project
  Dognation: Password Authentication
  In this project, you'll implement authentication in an Express application using `express-sessions`, `passport-local`, and `bcrypt.js`.
- Project
  Securing School Data: Data Security
  Apply what you learned about Postgres security and environment variables!
- Project
  Codey's Confectionery: Preventing SQL Injection Attacks
  Practice using prepared statements and form validation to prevent SQL injection attacks.
Reviews from learners
- The progress I have made since starting to use Codecademy is immense! I can study for short periods or long periods at my own convenience - mostly late in the evenings. (Chris, Codecademy Learner @ USA)
- I felt like I learned months in a week. I love how Codecademy uses learning by practice and gives great challenges to help the learner to understand a new concept and subject. (Rodrigo, Codecademy Learner @ UK)
- Brilliant learning experience. Very interactive. Literally a game changer if you're learning on your own. (John-Andrew, Codecademy Learner @ USA)
Skill paths help you level-up
- Get a specialized skill
  Want to level up at work? Gain a practical, real-world skill that you can use right away to stand out at your job.
- Get step-by-step guidance
  We guide you through exactly where to start and what to learn next to build a new skill.
- Get there quickly
  We’ve hand-picked the content in each Skill Path to fast-track your journey and help you gain a new skill in just a few months.
Related resources
- Article
  Web Application Attacks
  In this article, we go over attacks against web applications.
- Article
  Authentication vs Authorization vs Encryption
  In this article, you’ll get an overview of three key concepts in web security: Authentication, Authorization, & Encryption.
- Article
  Web Security: Not An Add-On
  In this article, we will introduce what web security is and what its main principles are!
Related courses and paths
- Free course
  User Authentication & Authorization in Express
  In this course, you'll learn how to implement User Authentication and Authorization in an Express web application.
  Intermediate, 5 hours
- Course
  Learn to Prevent Cross-Site Scripting with Node.js
  Learn how to identify and prevent different types of Cross-Site Scripting attacks in Node.js apps.
  With Certificate, Intermediate, 1 hour
- Course
  Learn to Prevent SQL Injections with Node.js
  Learn how to identify and defend against SQL Injections in Node.js applications.
  With Certificate, Intermediate, < 1 hour
What's included in skill paths
- Practice Projects
  Guided projects that help you solidify the skills and concepts you're learning.
- Assessments
  Auto-graded quizzes and immediate feedback help you reinforce your skills as you learn.
- Certificate of Completion
  Earn a document to prove you've completed a course or path that you can share with your network.