
Copy-Paste Snippets
Node.js (Helmet - CSP)
// Node.js (Helmet) — Security Headers & CSP
const express = require('express');
const helmet = require('helmet');
const app = express();

app.use(helmet({
  contentSecurityPolicy: {
    directives: {
      defaultSrc: ["'self'"],                            // fallback for every fetch directive not listed below
      scriptSrc: ["'self'", "https://trusted-cdn.com"],  // no inline scripts; one allow-listed CDN
      objectSrc: ["'none'"],                             // no plugin content (Flash, Java, PDF embeds)
      upgradeInsecureRequests: [],                       // browsers rewrite http:// subresources to https://
    },
  },
  hsts: { maxAge: 31536000, includeSubDomains: true, preload: true } // one year, covers subdomains, preload-list eligible
}));
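The Helmet config above is only as good as the directives you put in it. The following is an added example, not Iron Codex or Helmet code: it serializes a Helmet-style `directives` object into the header string the browser receives, parses a header back, and audits it for the weaknesses that defeat a CSP against XSS (wildcard or scheme-only script sources, `'unsafe-inline'`/`'unsafe-eval'`, `object-src` not locked to `'none'`, no `base-uri`). The directive object shape and the `trusted-cdn.com` host are taken from the snippet; the check list and function names are this example's own.

```javascript
// Added example (not Iron Codex or Helmet code): build and audit a CSP header value.
// Assumes a directives object in Helmet's shape: { camelCaseName: [source, ...] }.

// Script sources that let an attacker-controlled script run despite the policy.
const WEAK_SCRIPT_SOURCES = new Set(["'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:", "data:"]);

// Helmet/camelCase directive names -> header form (scriptSrc -> script-src).
function toHeaderName(name) {
  return name.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());
}

// Serialize a directives object into a Content-Security-Policy header value.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => [toHeaderName(name), ...sources].join(' ').trim())
    .join('; ');
}

// Parse a header value back into { 'directive-name': [sources...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Return a list of findings; an empty list means the policy passes these checks.
// Fetch directives fall back to default-src when absent, so the audit does too.
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];

  const scriptSrc = policy['script-src'] || policy['default-src'];
  if (!scriptSrc) {
    findings.push('no script-src and no default-src: scripts may load from anywhere');
  } else {
    for (const src of scriptSrc) {
      if (WEAK_SCRIPT_SOURCES.has(src)) findings.push(`script-src allows ${src}`);
    }
  }

  const objectSrc = policy['object-src'] || policy['default-src'];
  if (!objectSrc || objectSrc.length !== 1 || objectSrc[0] !== "'none'") {
    findings.push("object-src is not 'none': plugin content can execute");
  }

  if (!policy['base-uri']) {
    findings.push("base-uri missing: an injected <base> tag can redirect relative script URLs");
  }
  return findings;
}

// The directives from the snippet above, in Helmet's shape.
const SNIPPET_POLICY = {
  defaultSrc: ["'self'"],
  scriptSrc: ["'self'", "https://trusted-cdn.com"],
  objectSrc: ["'none'"],
  upgradeInsecureRequests: [],
};

console.log(buildCsp(SNIPPET_POLICY));
console.log(auditCsp(buildCsp(SNIPPET_POLICY)));            // only the base-uri finding
console.log(auditCsp("default-src *; script-src 'unsafe-inline' *")); // four findings

module.exports = { buildCsp, parseCsp, auditCsp, SNIPPET_POLICY };
```

Running the audit on the snippet's own policy reports a single finding, the missing `base-uri`; adding `baseUri: ["'self'"]` to the directives clears it. The audit is deliberately conservative: it flags `'unsafe-inline'` even when a nonce or hash is also present, because the browser ignores `'unsafe-inline'` only in that case and the reviewer should confirm it.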
Parameterized Query (Sequelize ORM)
// Prevent SQLi with ORMs like Sequelize or Prisma
const { Sequelize, QueryTypes } = require('sequelize');
const sequelize = new Sequelize(process.env.DATABASE_URL); // connection string from the environment, not hard-coded

// BAD: Concatenating input
// sequelize.query("SELECT * FROM users WHERE name = '" + req.body.name + "'");

// GOOD: Bound parameters
// `replacements` are escaped by Sequelize and spliced into the query before it is
// sent; `bind` with $username placeholders sends true server-side parameters instead.
// Either way the user's value never becomes part of the SQL text you wrote.
async function findUsersByName(name) {   // name is raw user input, e.g. req.body.name
  return sequelize.query('SELECT * FROM users WHERE name = :username', {
    replacements: { username: name },
    type: QueryTypes.SELECT
  });
}
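To make the difference between the BAD and GOOD lines concrete without a database, here is an added example that is not Iron Codex or Sequelize code: a minimal model of `:name` replacements that escapes each value as a SQL string literal, the concatenating version for comparison, and a small literal scanner that shows what the database parser would see. It assumes SQL-standard escaping (a quote inside a literal is doubled); Sequelize's real implementation picks the escaping rules of the configured dialect and also supports `bind`, which this model does not cover.

```javascript
// Added example (not Iron Codex or Sequelize code): a model of named replacements
// versus string concatenation, plus a scanner that shows how the SQL parser reads each.
// Assumes SQL-standard string literals: a single quote inside a literal is written ''.

// Render a JS value as a SQL literal. Strings are escaped, finite numbers are
// emitted bare, null/undefined become NULL; any other type is rejected, not guessed.
function toSqlLiteral(value) {
  if (value === null || value === undefined) return 'NULL';
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);
  if (typeof value === 'string') return "'" + value.replace(/'/g, "''") + "'";
  throw new TypeError(`unsupported replacement type: ${typeof value}`);
}

// Replace each :name placeholder in the template with the escaped value.
// The callback result is not re-scanned, so a value containing ":other" stays data.
// (This model does not parse the template's own literals, so avoid :words inside them.)
function applyReplacements(sql, replacements) {
  return sql.replace(/:(\w+)/g, (match, key) => {
    if (!Object.prototype.hasOwnProperty.call(replacements, key)) {
      throw new Error(`missing replacement for :${key}`);
    }
    return toSqlLiteral(replacements[key]);
  });
}

// The BAD pattern from the snippet, kept only so the two outputs can be compared.
function concatenated(name) {
  return "SELECT * FROM users WHERE name = '" + name + "'";
}

// Walk the statement the way a SQL lexer would: collect each quoted literal,
// treating '' inside a literal as an escaped quote. `balanced` is false when a
// quote opens a literal that never closes, i.e. the statement is malformed.
function scanLiterals(sql) {
  const literals = [];
  let i = 0;
  while (i < sql.length) {
    if (sql[i] !== "'") { i++; continue; }
    let j = i + 1;
    let text = '';
    let closed = false;
    while (j < sql.length) {
      if (sql[j] === "'") {
        if (sql[j + 1] === "'") { text += "'"; j += 2; continue; } // escaped quote
        closed = true;
        j++;
        break;
      }
      text += sql[j++];
    }
    if (!closed) return { literals, balanced: false };
    literals.push(text);
    i = j;
  }
  return { literals, balanced: true };
}

// Constructed input: an ordinary surname that happens to contain a quote.
const NAME = "O'Brien";
const TEMPLATE = 'SELECT * FROM users WHERE name = :username';

console.log(concatenated(NAME));                 // ... name = 'O'Brien'  -> literal closes early, rest is parsed as SQL
console.log(scanLiterals(concatenated(NAME)));   // { literals: ['O'], balanced: false }
console.log(applyReplacements(TEMPLATE, { username: NAME })); // ... name = 'O''Brien'
console.log(scanLiterals(applyReplacements(TEMPLATE, { username: NAME }))); // one literal, balanced

module.exports = { toSqlLiteral, applyReplacements, concatenated, scanLiterals, NAME, TEMPLATE };
```

The scanner output is the whole point: with concatenation the quote in `O'Brien` terminates the literal and everything after it reaches the parser as SQL, which is exactly the position an attacker-supplied value exploits; with a bound replacement the same input stays one literal, so the statement's structure is fixed by the template and only its data varies.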