
RisingStack / Protect

Licence: MIT
Proactively protect your Node.js web services

Programming Languages

javascript
184084 projects - #8 most used programming language

Projects that are alternatives of or similar to Protect

Janusec
Janusec Application Gateway, provides fast and secure application delivery.
Stars: ✭ 771 (+95.69%)
Mutual labels:  xss, sql-injection
Express Security
nodejs + express security and performance boilerplate.
Stars: ✭ 37 (-90.61%)
Mutual labels:  express, xss
Sourcecodesniffer
The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
Stars: ✭ 87 (-77.92%)
Mutual labels:  xss, sql-injection
Hackerone Reports
Top disclosed reports from HackerOne
Stars: ✭ 458 (+16.24%)
Mutual labels:  xss, sql-injection
Resources
No description or website provided.
Stars: ✭ 38 (-90.36%)
Mutual labels:  xss, sql-injection
Phpvuln
Audit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (-62.94%)
Mutual labels:  xss, sql-injection
Hacker101
Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+3008.12%)
Mutual labels:  xss, sql-injection
solutions-bwapp
In progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (-59.9%)
Mutual labels:  xss, sql-injection
diwa
A Deliberately Insecure Web Application
Stars: ✭ 32 (-91.88%)
Mutual labels:  xss, sql-injection
hackable
A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
Stars: ✭ 61 (-84.52%)
Mutual labels:  xss, sql-injection
Arachni
Web Application Security Scanner Framework
Stars: ✭ 2,942 (+646.7%)
Mutual labels:  xss, sql-injection
vulnerabilities
List of every possible vulnerability in computer security.
Stars: ✭ 14 (-96.45%)
Mutual labels:  xss, sql-injection
Cerberus
A powerful vulnerability scanner: subdomain brute-forcing with aioDNS and asyncio for fast asynchronous scanning, batch vulnerability scanning across all of a target's assets, middleware information gathering, automatic collection of IP proxies, automatic use of a proxy when probing WAF information so the local real IP is protected, automatic switch to a proxy IP once the local IP is blocked by the WAF, WAF fingerprinting (100+ domestic and foreign WAFs, including Safedog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud and others), some known WAF bypass schemes, middleware vulnerability detection (ThinkPHP, WebLogic and others: CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.), scanning for SQL injection, XSS, command execution, file inclusion and SSRF, and custom e-mail notification of findings.
Stars: ✭ 389 (-1.27%)
Mutual labels:  xss, sql-injection
Example Create React App Express
Example on using create-react-app with a Node Express Backend
Stars: ✭ 361 (-8.38%)
Mutual labels:  express
Strimpack
A platform for livestreamers to make a home for their audience.
Stars: ✭ 378 (-4.06%)
Mutual labels:  express
Wssat
WEB SERVICE SECURITY ASSESSMENT TOOL
Stars: ✭ 360 (-8.63%)
Mutual labels:  xss
Scaner
Scaner is a collection of open-source scanners from GitHub, including subdomain enumeration, database vulnerability scanners, weak-password and information-leak scanners, port scanners, fingerprint scanners, other large-scale scanners, module scanners and so on. Other well-known scanning tools such as awvs, nmap and w3af are not part of the collection.
Stars: ✭ 357 (-9.39%)
Mutual labels:  xss
Browserify Middleware
express middleware for browserify, done right
Stars: ✭ 385 (-2.28%)
Mutual labels:  express
Practicalnode
Practical Node.js, 1st and 2nd Editions [Apress] 📓
Stars: ✭ 3,694 (+837.56%)
Mutual labels:  express
Lamp Cloud
lamp-cloud is a rapid microservice development platform based on JDK 11 + Spring Cloud + Spring Boot; its configurable SaaS features stand out in particular. It provides RBAC, unified authentication at the gateway, XSS protection against cross-site attacks, automatic code generation, multiple storage back ends, distributed transactions, distributed scheduled tasks and other modules, supports parallel development of multiple business systems and multiple services, and can serve as a scaffold for back-end services. Clean code, complete comments and a clear architecture make it well suited for learning and as a base framework for enterprises.
Stars: ✭ 4,125 (+946.95%)
Mutual labels:  xss

Protect by RisingStack


Works on Node.js v6 and newer.

The purpose of this module is to provide out-of-the-box, proactive protection against common security problems such as SQL injection attacks, XSS attacks, brute force, and so on.

This module is not a silver bullet, and is not a substitute for security-minded engineering work. But it can help you to achieve your goals.


Basic usage

npm i @risingstack/protect --save

With Express

const protect = require('@risingstack/protect')
const express = require('express')
const bodyParser = require('body-parser')
const redis = require('redis')

const client = redis.createClient()

const app = express()

// parse JSON bodies; this must be mounted before any protect middleware
// that is configured with body: true (`extended` is an option of
// bodyParser.urlencoded, not of bodyParser.json, so it is dropped here)
app.use(bodyParser.json())

app.use(protect.express.sqlInjection({
  body: true,
  loggerFunction: console.error
}))

app.use(protect.express.xss({
  body: true,
  loggerFunction: console.error
}))

app.use(protect.express.rateLimiter({
  db: client,
  id: (request) => request.connection.remoteAddress
}))

app.get('/', (request, response) => {
  response.send('hello protect!')
})

app.post('/login', protect.express.rateLimiter({
  db: client,
  id: (request) => request.body.email,
  // max 10 tries per 2 minutes
  max: 10,
  duration: 120000
}), (request, response) => {
  response.send('wuut logged in')
})

app.listen(3000)

API

protect.express.sqlInjection([options])

Returns an Express middleware, which checks for SQL injections.

  • options.body: if this option is set to true, the middleware also checks request bodies
    • default: false
    • prerequisite: the body-parser middleware must be mounted before the protect middleware, otherwise request.body is undefined and there is nothing to check
  • options.loggerFunction: a logger function the middleware calls to log detected attacks
    • default: noop

protect.express.xss([options])

Returns an Express middleware, which checks for XSS attacks.

  • options.body: if this option is set to true, the middleware also checks request bodies
    • default: false
    • prerequisite: the body-parser middleware must be mounted before the protect middleware, otherwise request.body is undefined and there is nothing to check
  • options.loggerFunction: a logger function the middleware calls to log detected attacks
    • default: noop
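The two middlewares above share one option contract: the query string is always inspected, the body only when body: true is set and only if body-parser has already populated request.body, and loggerFunction receives a line for each rejected request. The following is an added example that illustrates that contract; it is not @risingstack/protect's own code, the handful of regular expressions are constructed placeholders rather than the module's real rule set, and responding with HTTP 403 on a match is an assumption (the page does not say how the module responds). A minimal fake request/response pair is included so the snippet runs without Express.

```javascript
// Added example (not @risingstack/protect's own code): an Express-style
// middleware factory that mirrors the documented option contract of
// protect.express.sqlInjection / protect.express.xss.

// Constructed heuristics for illustration only; each entry is a name plus a
// regular expression. They are deliberately small and not the module's rules.
const SUSPICIOUS_PATTERNS = [
  { name: 'xss-script-tag', re: /<\s*script\b/i },
  { name: 'xss-event-handler', re: /\bon[a-z]+\s*=/i },
  { name: 'sqli-tautology', re: /'\s*or\s+'?\d+'?\s*=\s*'?\d+/i },
  { name: 'sqli-comment', re: /(--|\/\*)\s*$/ },
];

// Walk a value (string, array or plain object) and return the name of the
// first pattern that matches any string leaf, or null when nothing matches.
function findSuspicious(value) {
  if (typeof value === 'string') {
    const hit = SUSPICIOUS_PATTERNS.find((p) => p.re.test(value));
    return hit ? hit.name : null;
  }
  if (value && typeof value === 'object') {
    for (const v of Object.values(value)) {
      const hit = findSuspicious(v);
      if (hit) return hit;
    }
  }
  return null;
}

// Middleware factory with the same option names as the documented API:
//   options.body           - also inspect request.body (default false)
//   options.loggerFunction - called with one line per blocked request (default noop)
function inputGuard(options = {}) {
  const checkBody = options.body === true;
  const log = typeof options.loggerFunction === 'function' ? options.loggerFunction : () => {};
  return function guard(request, response, next) {
    // The query string is always inspected; the body only when opted in, and
    // then only if something (e.g. body-parser) has already populated it.
    const targets = [['query', request.query]];
    if (checkBody) {
      if (request.body === undefined) {
        // body: true without a body parser cannot inspect anything; say so.
        log('protect: body check requested but request.body is undefined (mount body-parser first)');
      } else {
        targets.push(['body', request.body]);
      }
    }
    for (const [where, value] of targets) {
      const hit = findSuspicious(value);
      if (hit) {
        log(`protect: blocked ${request.method} ${request.url}: ${hit} in ${where}`);
        response.status(403).send('Forbidden'); // assumed response; see lead-in
        return;
      }
    }
    next();
  };
}

// Minimal stand-in for an Express request/response pair so the example runs offline.
// Returns what the middleware did: the status it set and whether it called next().
function runGuard(middleware, request) {
  const result = { status: 200, body: null, nextCalled: false };
  const response = {
    status(code) { result.status = code; return this; },
    send(payload) { result.body = payload; return this; },
  };
  middleware(request, response, () => { result.nextCalled = true; });
  return result;
}
```

Running `runGuard(inputGuard({ body: true, loggerFunction: console.error }), request)` against a request whose body was never parsed logs the body-parser prerequisite and lets the request through on the strength of the query check alone, which is exactly the silent gap the prerequisite bullet above warns about.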

protect.express.rateLimiter([options])

Returns an Express middleware which rate-limits requests.

  • options.id: function that returns the id used for rate limiting; it receives the request as its first parameter
    • required
    • example: (request) => request.connection.remoteAddress
  • options.db: redis connection instance
    • required
  • options.max: maximum number of requests allowed within options.duration
    • default: 2500
  • options.duration: length of the rate-limit window in milliseconds
    • default: 3600000
  • options.loggerFunction: a logger function the middleware calls to log rejected requests
    • default: noop
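To show how options.id, options.max and options.duration combine, here is an added example of a fixed-window rate limiter that uses the same option names; it is not @risingstack/protect's own implementation. An in-memory Map stands in for the Redis connection the real module expects (a Redis-backed store would do the same with INCR and EXPIRE), the 429 response and the X-RateLimit-* and Retry-After headers are assumptions, and the extra options.now clock hook is added purely so window expiry can be exercised deterministically.

```javascript
// Added example (not @risingstack/protect's own code): a fixed-window
// rate limiter with the option names documented for protect.express.rateLimiter.

// Tiny counter store with the only operation the limiter needs: record a hit
// for a key and report the count and when the current window resets.
function createMemoryStore() {
  const windows = new Map(); // key -> { count, start }
  return {
    hit(key, now, duration) {
      const entry = windows.get(key);
      if (!entry || now - entry.start >= duration) {
        // first hit, or the previous window has elapsed: start a fresh window
        windows.set(key, { count: 1, start: now });
        return { count: 1, resetAt: now + duration };
      }
      entry.count += 1;
      return { count: entry.count, resetAt: entry.start + duration };
    },
  };
}

// options.id: (request) => string      required, the key to count by
// options.db: store with hit()         required (here the memory store above)
// options.max: hits allowed per window (default 2500)
// options.duration: window length, ms (default 3600000)
// options.loggerFunction: called when a request is rejected (default noop)
// options.now: clock function; assumption added for testability (default Date.now)
function rateLimiter(options) {
  if (typeof options.id !== 'function') throw new TypeError('options.id must be a function');
  if (!options.db) throw new TypeError('options.db is required');
  const max = options.max !== undefined ? options.max : 2500;
  const duration = options.duration !== undefined ? options.duration : 3600000;
  const log = typeof options.loggerFunction === 'function' ? options.loggerFunction : () => {};
  const now = options.now || Date.now;

  return function limiter(request, response, next) {
    const key = String(options.id(request));
    const { count, resetAt } = options.db.hit(key, now(), duration);
    response.setHeader('X-RateLimit-Limit', String(max));
    response.setHeader('X-RateLimit-Remaining', String(Math.max(0, max - count)));
    if (count > max) {
      log(`protect: rate limit exceeded for ${key} (${count}/${max})`);
      response.setHeader('Retry-After', String(Math.ceil((resetAt - now()) / 1000)));
      response.status(429).send('Too Many Requests');
      return;
    }
    next();
  };
}

// Drive the middleware with a fake request/response pair and return what happened,
// so the example runs without Express or Redis.
function simulate(middleware, request) {
  const result = { status: 200, headers: {}, nextCalled: false };
  const response = {
    setHeader(name, value) { result.headers[name] = value; },
    status(code) { result.status = code; return this; },
    send() { return this; },
  };
  middleware(request, response, () => { result.nextCalled = true; });
  return result;
}
```

Keying the login route by request.body.email, as the usage section does, limits attempts against one account regardless of source address, while the global limiter keyed by remoteAddress caps a single client across all routes; the two counters are independent because each id string gets its own window.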

protect.express.headers([options])

protect.express.headers is a reference to the main object exported by helmet. For documentation of the options object, please refer to the helmet documentation.

Roadmap

Security Recommendations

As mentioned, this module isn't a silver bullet to solve your security issues completely. The following information is provided to hopefully point you in the right direction for solving other security concerns or alternatives that may be useful based on your budget or scale.

Other Aspects

There are plenty of other areas that you should be concerned about when it comes to security that this module does not cover (yet, or ever) for various reasons. Here are a few that are worth researching:

Resources

Dedicated WAF

If you have the resources available (budget or hosting environment), a dedicated WAF (Web Application Firewall) can offer a robust solution to various security issues, such as blocking potential attackers and flagging their activity.
