Backend with Node.js
🔐 Authentication and security
Identify users (authentication), check permissions (authorization) and protect the API against the most common attacks.
What you'll learn
- Store passwords securely with hashing and salt instead of plain text
- Issue and verify JWT tokens (header.payload.signature) with a secret key
- Protect routes with authentication middleware (401) and role-based authorization (403)
- Mitigate common attacks (SQL injection, XSS, CORS, rate limiting) following OWASP
Lessons
- Authentication: passwords and tokens
  Hashing with salt, JWT tokens and the login → token → Authorization header flow.
- Authorization: require a token and check roles
  Middleware that requires authentication (401) and role middleware (403).
- Web security: OWASP, CORS and best practices
  Injection, XSS, CORS, rate limiting, sanitizing inputs, secrets and HTTPS.
Practice this module in the app
DevPath is a hands-on course: you read the theory here; in the app you put it into practice with exercises that really run, offline.