Node.js Security Training Online

We at ^lift have invested a ton of effort into gathering, sifting, and condensing some of the best security information for node.js into a powerful, approachable set of videos.

Navigating the challenges of writing secure software is hard. There are a lot of vulnerabilities that happen because we as developers just don't know about them. Additionally, bolting security onto our application is a painful and mostly invisible process.

We are here to help. As developers ourselves, we understand the software development cycle. We get the balancing act between deadlines, feature requests, and writing maintainable software. Add security to the mix and things start unraveling pretty quickly.

However, we have found that writing secure software doesn't create a heavy burden if we take it into consideration from the start. In fact, many of the best practices that we teach improve developer efficiency.

Here is a subset of the topics covered in the videos:


  • SQL Injection
  • NoSQL Injection
  • OS Injection

Content Injection

  • Cross Site Scripting
  • HTML / JavaScript / CSS Contexts
  • Content Security Policy


  • Encryption
  • Password Exposure / Hashes / Bcrypt
  • Sessions

Cross Site Request Forgery

  • Defining CSRF
  • Prevention
  • Node CSRF Libraries

Insecure NPM Modules

  • Node Security Project / NSP Tool
  • david-dm
  • Retire.js

Additional Topics

  • Situational Awareness
  • Common Dev Mistakes
  • Logging
  • Encryption

We hope you enjoy them, and would love to hear what you think!

You might also enjoy reading: