Backend Security
1. Introduction
Backend security refers to the measures taken to protect the server side of a web application: its APIs, databases, authentication and session handling, and server configuration. Its guiding assumption is that nothing arriving from a client can be trusted, because an attacker can send any request a browser can send and many that it cannot.
2. Common Vulnerabilities
2.1 SQL Injection
SQL injection occurs when untrusted input is spliced into the text of a SQL query, so that the database parses it as SQL rather than treating it as a value. An attacker can then read, modify or delete data and bypass authentication checks that rely on the query's result.
2.2 Cross-Site Scripting (XSS)
XSS occurs when the backend emits attacker-controlled input into a page without encoding it for the context in which it lands (HTML text, an attribute value, an inline script block). The injected script runs in the victim's browser with that user's session, so it can read page content, forge requests as the user and steal any tokens the page exposes.
2.3 Cross-Site Request Forgery (CSRF)
CSRF tricks a logged-in user's browser into sending a state-changing request (a transfer, a password change) to an application where the user is authenticated. It works because the browser attaches the session cookie to the request automatically, even when the request originates from a page the attacker controls.
3. Best Practices
- Use parameterized queries or prepared statements for every query that includes user-supplied values; never build SQL by string concatenation.
- Encode output for the context in which it is rendered (HTML text, attribute, JavaScript, URL) to prevent XSS. Input validation is useful for rejecting malformed data but is not a substitute for output encoding.
- Tie every state-changing request to a secret CSRF token the attacker cannot read, and mark session cookies SameSite=Lax or Strict as a second layer.
- Serve everything over HTTPS and send a Strict-Transport-Security header so browsers refuse to downgrade to plain HTTP.
- Track and update libraries and frameworks promptly to pick up security patches; the application is only as secure as its dependencies.
4. Code Examples
4.1 Preventing SQL Injection
const express = require('express');
const mysql = require('mysql');
const app = express();

// Credentials come from the environment, not from source control.
const db = mysql.createConnection({
  host: process.env.DB_HOST || 'localhost',
  user: process.env.DB_USER,
  password: process.env.DB_PASSWORD,
  database: process.env.DB_NAME || 'mydb'
});

app.get('/user/:id', (req, res) => {
  // Validate the shape of the parameter before it reaches the database at all.
  if (!/^\d+$/.test(req.params.id)) {
    return res.status(400).json({ error: 'invalid id' });
  }
  const userId = Number(req.params.id);
  // The ? placeholder is filled in by the driver with proper escaping, so the value
  // can never be interpreted as SQL text. (mysql2's execute() does the same with
  // server-side prepared statements.)
  const query = 'SELECT * FROM users WHERE id = ?';
  db.query(query, [userId], (err, results) => {
    if (err) {
      // Log server-side only; never throw inside the callback (it would crash the
      // process) and never echo driver error text to the client.
      console.error(err);
      return res.status(500).json({ error: 'internal error' });
    }
    res.json(results);
  });
});

app.listen(3000, () => {
  console.log('Server running on port 3000');
});
4.2 Preventing XSS
// Escape the characters significant in HTML text and attribute values.
// Apply this when rendering user data into a page, not before storing it.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}
app.use(express.json()); // populate req.body from a JSON request body
app.post('/submit', (req, res) => {
  const safeForHtml = escapeHtml(req.body.input ?? '');
  res.send('<p>You submitted: ' + safeForHtml + '</p>');
});
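The reason escaping belongs at output time is that the correct encoding depends on where the value lands. The following is an added example written for this page (not code from the original article) showing the same attacker-controlled record rendered into three sinks: HTML text, a quoted attribute, and an inline script block. The user record and its field names (name, prefs) are constructed for the demonstration, as is the hostile input:

```javascript
// Text and double-quoted attribute context.
function encodeForHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Data embedded in an inline <script> block: JSON-encode it, then replace the
// characters the HTML parser acts on. The HTML parser runs before the JS parser,
// so a raw "</script>" inside a JSON string would end the block early.
function encodeForScriptBlock(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Vulnerable: raw values spliced into the page.
function renderProfileVulnerable(user) {
  return '<h1>' + user.name + '</h1>' +
    '<input type="text" value="' + user.name + '">' +
    '<script>const prefs = ' + JSON.stringify(user.prefs) + ';</script>';
}

// Hardened: each sink gets the encoder for its own context.
function renderProfile(user) {
  return '<h1>' + encodeForHtml(user.name) + '</h1>' +
    '<input type="text" value="' + encodeForHtml(user.name) + '">' +
    '<script>const prefs = ' + encodeForScriptBlock(user.prefs) + ';</script>';
}

// How many <script> elements the HTML parser would open in this markup.
// The page itself legitimately contains exactly one.
function scriptTagCount(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Constructed attacker-controlled record: the name carries a script tag and the
// preferences try to break out of the inline script block.
const hostileUser = {
  name: '<script>alert(1)</script>',
  prefs: { theme: '</script><script>alert(2)</script>' },
};

function demo() {
  return {
    vulnerableScriptTags: scriptTagCount(renderProfileVulnerable(hostileUser)),
    safeScriptTags: scriptTagCount(renderProfile(hostileUser)),
    // The \u escapes are valid JSON, so the browser's JS parser still recovers the original string.
    prefsRoundTrip: JSON.parse(encodeForScriptBlock(hostileUser.prefs)).theme === hostileUser.prefs.theme,
  };
}

console.log(demo()); // prints { vulnerableScriptTags: 4, safeScriptTags: 1, prefsRoundTrip: true }
```

Note that applying encodeForHtml to the value inside the script block would not help: HTML entities are not decoded inside script elements, so the JSON would simply be corrupted while "</script>" still terminates the block. Template engines that auto-escape (Pug, EJS with <%= %>, Handlebars) cover the HTML text case for you, but data handed to inline scripts or to unquoted attributes still needs the encoder for that context.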
5. FAQ
What is backend security?
Backend security involves the practices and measures taken to protect the server-side components and data of web applications from unauthorized access and attacks.
How can I protect my application from SQL injection?
Use parameterized queries or prepared statements so that user input is always passed to the database as a bound value and never becomes part of the SQL text. ORMs and query builders do this for you as long as you never pass them raw SQL fragments built from user input.
What is the role of HTTPS in backend security?
HTTPS encrypts data in transit between client and server and lets the client verify, via the server's certificate, that it is talking to the genuine host; together these prevent eavesdropping and tampering on the network path. It does nothing for flaws inside the application such as injection or missing authorization checks, so it is necessary but not sufficient.