- Keep your application up to date.
- Principle of least privilege.
- Use strict mode.
- Validate all user input.
- Encrypt sensitive information.
- Rate limiting requests.
Keep your application up to date
Principle of least privilege.
Another important security practice is to use least-privileged access to resources: grant users only the minimum access they need to perform their tasks. This limits the damage an attacker could do if a breach occurred, since there is no need to expose more data than is required. It works very well with relational databases, especially ones where the data is properly normalized, and it is also easy to achieve with GraphQL, where you fetch only the required fields while the others stay hidden.
Use Strict Mode
Validate all user input.
Additionally, be sure to properly validate user input. This helps prevent malicious code from being executed on the server. It cannot be overstated: validate every input you collect from a user, and don't make the dumb assumption that all your users are good and they all like you! Handle validation as if your app were going to be hacked every single time a user submits an input. There are several data validation libraries out there, but Zod is making waves right now, and for a good reason!
Encrypt sensitive information
You should also use secure encryption algorithms and protocols to protect any sensitive data that is being transmitted, and follow the principle of least privilege when it comes to user authentication. Any user detail that should never meet the eye of a hacker should be encrypted or hashed! Passwords, credit card numbers and any other sensitive information that could cause a user serious damage if breached should be encrypted, so that even if there is a leak the hackers still have to find a way to crack the hashed or encrypted data. You can use libraries like crypto-js for more advanced data encryption, or bcrypt for simple password hashing.
Rate limiting requests
Rate limiting is a technique used to restrict the frequency of user requests to a web service or application. This can be done to reduce the strain on the server and also to prevent malicious bots from taking actions such as scraping, brute force, credential stuffing, or denial of service (DoS). By setting a limit on the number of requests allowed, rate limiting can help protect sites from malicious attacks. The application, rather than the web server, is where rate limiting usually occurs. Usually, rate limiting is done by recording the IP addresses from where the requests are sent and monitoring the amount of time between each request.
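The IP-keyed, time-between-requests mechanism described above, as an added example in plain Node.js that is not part of the original post: a sliding-window limiter plus Express-style middleware that answers HTTP 429 once a client exceeds the limit. The class and function names, the limits and the injectable clock are assumptions for illustration.

```javascript
// Added example (not from the original post). RateLimiter, allow() and the
// limits are illustrative names and values, not a library API.
class RateLimiter {
  // limit: max requests allowed per client within windowMs milliseconds.
  // now: injectable clock (defaults to Date.now) so behaviour is testable.
  constructor({ limit, windowMs, now = Date.now }) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
    this.hits = new Map(); // ip -> timestamps of requests inside the window
  }

  // Returns { allowed, remaining, retryAfterMs } for a request from `ip`.
  allow(ip) {
    const t = this.now();
    const cutoff = t - this.windowMs;
    // Drop timestamps that fell out of the window: this is the "time between
    // requests" bookkeeping the post refers to.
    const recent = (this.hits.get(ip) || []).filter((ts) => ts > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(ip, recent);
      return { allowed: false, remaining: 0, retryAfterMs: recent[0] + this.windowMs - t };
    }
    recent.push(t);
    this.hits.set(ip, recent);
    return { allowed: true, remaining: this.limit - recent.length, retryAfterMs: 0 };
  }
}

// Express-style middleware: reject with 429 once the limit is hit.
// req.ip is set by Express; behind a reverse proxy configure
// app.set('trust proxy', ...) first, otherwise every client appears to
// share the proxy's address and one busy client can lock everyone out.
function rateLimitMiddleware(limiter) {
  return (req, res, next) => {
    const verdict = limiter.allow(req.ip);
    res.setHeader('X-RateLimit-Remaining', String(verdict.remaining));
    if (!verdict.allowed) {
      res.setHeader('Retry-After', String(Math.ceil(verdict.retryAfterMs / 1000)));
      return res.status(429).send('Too Many Requests');
    }
    next();
  };
}
```

The in-memory Map is per process; with several Node workers or instances, back the hit store with a shared store such as Redis so the limit is enforced across all of them.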