Security Basics in MERN

Web development refers to the creating, building, and maintaining of websites. It includes aspects such as web design, web publishing, web programming, and database management. One of the most famous stacks that is used for Web Development is the MERN stack. This stack provides an end-to-end framework for the users to work in and each of these technologies plays a big part in the development of web applications.

Prerequisites:

Table of Content

Security risks on the Internet
Basic Practices for Security in MERN
Steps to Create a Server
Conclusion

Security risks on the Internet:

As internet usage continues to grow, so do the security risks present on the internet, manifesting in various forms. When developing any type of web application, it is the user’s responsibility to ensure the app’s security to minimize risks like data breaches, leaks, and exposure. In this article, we will discuss some basic practices for securing a MERN app.

Basic Practices for Security in MERN:

Now, let’s list some basic security threats that MERN apps can face and discuss how these threats can be prevented.

Preventing DDoS Attacks: DDoS attacks flood a service with traffic, making it inaccessible to legitimate users. To mitigate this threat in MERN applications, users can limit requests from specific IP addresses using the express-rate-limit middleware.
Secure Data Transmission: Unencrypted data transmitted between client and server can be intercepted and exploited. Using encryption, facilitated by the Crypto library helps safeguard sensitive data during storage and transmission.
Preventing XSS Attacks: XSS attacks involve injecting malicious scripts into web pages, compromising user data and sessions. Mitigate this risk in MERN applications by sanitizing user input and validating data on both client and server sides. Frameworks like Helmet.js enhance security by setting proper HTTP headers and enforcing content security policies.
Persistent User Sessions: Loss of session data during navigation disrupts user experience. Implementing techniques like JSON Web Tokens (JWT) for session management ensures secure authentication and persistent user sessions across requests.
Managing Dependency Risks: Outdated dependencies in MERN applications can harbor security vulnerabilities and performance issues. Regularly updating both local and global packages is essential to mitigate these risks.

npm update 
npm update -g

Steps to Create a Server:

Step 1: Create a server in your terminal using the following command.

npm init -v

Step 2: Install the following package in your server using the following command.

npm install express express-rate-limit

Example: Below is an example of security basic in MERN application.

Javascript

const express = require('express');

const rateLimit = require('express-rate-limit');
 
// Create the Express app
const app = express();
 
// Define rate limit configuration
const limiter = rateLimit({

    windowMs: 1 * 60 * 1000, // 1 minutes window

    max: 10, // Allow 100 requests per window

    message: `Too many requests from this IP,

   please try again later`,
});
 
// Apply rate limiter to all routes
app.use(limiter);
 
// Sample route handler

app.get('/', (req, res) => {

    res.send('Hello World!');
});
 
// Start the server
const port = process.env.PORT || 3000;
app.listen(port, () => {

    console.log(`Server listening on port ${port}`);
});

Start your server using the following command.

node server.js

Output:

Conclusion:

Prioritizing security is crucial in today’s online landscape for MERN applications. By implementing practices like rate limiting, data encryption, input sanitization, and dependency updates, developers can enhance application security. These measures safeguard user data, maintain application integrity, and ensure a secure user experience amidst evolving online threats.

Article Tags :

MERN Stack

Web Technologies