Securing Express Applications
Learn how to defend against malicious attacks and improve user experiences using sessions, cookies, and password authentication.
Includes JavaScript, Node.js, Express.js, Sessions, Cookies, OAuth 2.0, SQL Injection, XSS, CSRF, and more.
Skill level
IntermediateTime to complete
Average based on combined completion rates — individual pacing in lessons, projects, and quizzes may vary8 hoursProjects
5Prerequisites
2 coursesWe suggest you complete the following courses before you get started with Securing Express Applications:- Learn Node.js
- Learn Express
About this skill path
From malicious threat actors to curious teenagers, hacking attempts and cyber attacks are coming from every angle. Using the OWASP Top Ten as a guide, learn to protect your users, and yourself, from threats to your Express and Node.js applications. Strong authentication and authorization practices, properly protected data, and secure code will protect your web app from these constant threats.
Skills you'll gain
- Use basic authentication techniques
- Secure applications with OAuth 2.0
- Avoid SQL injection, XSS, & CSRF attacks
Syllabus
5 units • 11 lessons • 5 projects • 14 quizzes- 1
Introduction to Securing Express Applications
Learn best practices for securing web applications.
- 2
User Authentication & Authorization
In this course, you’ll learn how to implement User Authentication and Authorization in an Express web application.
- 3
Data Security
Learn how to secure data in your Express application.
- 4
Defending Node Applications from SQL Injection, XSS, & CSRF Attacks
Protect Node.js Applications from SQL Injection, CSRF, & XSS Attacks.
- 5
Review: Securing Express Applications
Review how to secure an Express application.
Certificate of completion available with Plus or Pro
Earn a certificate of completion and showcase your accomplishment on your resume or LinkedIn.
Projects in this skill path
- practice Project
Dognation: Password Authentication
In this project, you'll implement authentication in an Express application using `express-sessions`, `passport-local`, and `bcrypt.js`. - practice Project
Securing School Data: Data Security
Apply what you learned about Postgres security and environment variables! - practice Project
Codey's Confectionery: Preventing SQL Injection Attacks
Practice using prepared statements and form validation to prevent SQL injection attacks.
Earn a certificate of completion
Show your network you've done the work by earning a certificate of completion for each course or path you finish.- Show proofReceive a certificate that demonstrates you've completed a course or path.
- Build a collectionThe more courses and paths you complete, the more certificates you collect.
- Share with your networkEasily add certificates of completion to your LinkedIn profile to share your accomplishments.
Reviews from learners
- The progress I have made since starting to use codecademy is immense! I can study for short periods or long periods at my own convenience - mostly late in the evenings.ChrisCodecademy Learner @ USA
- I felt like I learned months in a week. I love how Codecademy uses learning by practice and gives great challenges to help the learner to understand a new concept and subject.RodrigoCodecademy Learner @ UK
- Brilliant learning experience. Very interactive. Literally a game changer if you're learning on your own.John-AndrewCodecademy Learner @ USA
Our learners work at
Skill paths help you level-up
Get a specialized skill
Want to level up at work? Gain a practical, real-world skill that you can use right away to stand out at your job.Get step-by-step guidance
We guide you through exactly where to start and what to learn next to build a new skill.Get there quickly
We’ve hand-picked the content in each Skill Path to fast-track your journey and help you gain a new skill in just a few months.
Ready to learn a new skill?
Get started on Securing Express Applications with a free Codecademy account.StartLooking for something else?
Related resources
- Article
Web Application Attacks
In this article, we go over attacks against web applications. - Article
Authentication vs Authorization vs Encryption
In this article, you’ll get an overview of three key concepts in web security: Authentication, Authorization, & Encryption. - Article
Web Security: Not An Add-On
In this article, we will introduce what web security is and what its main principles are!
Related courses and paths
- Course
Defending Node Applications from SQL Injection, XSS, & CSRF Attacks
Learn how to protect Node.js Applications from SQL Injection, CSRF, & XSS Attacks, JavaScript safety practices, and what to do when something goes wrong.With CertificateIntermediate2 hours - Free course
User Authentication & Authorization in Express
In this course, you'll learn how to implement User Authentication and Authorization in an Express web application.Intermediate5 hours - Course
Learn to Prevent Cross-Site Scripting with Node.js
Learn how to identify and prevent different types of Cross-Site Scripting attacks in Node.js apps.With CertificateIntermediate1 hour
Browse more topics
- Cybersecurity218,613 learners enrolled
- Web development4,969,279 learners enrolled
- Code foundations7,418,249 learners enrolled
- Computer science5,875,520 learners enrolled
- Data science4,485,701 learners enrolled
- Python3,621,163 learners enrolled
- For business3,361,353 learners enrolled
- JavaScript2,865,750 learners enrolled
- Data analytics2,464,662 learners enrolled
What's included in skill paths
Practice Projects
Guided projects that help you solidify the skills and concepts you're learning.Assessments
Auto-graded quizzes and immediate feedback help you reinforce your skills as you learn.Certificate of Completion
Earn a document to prove you've completed a course or path that you can share with your network.