
Security Best Practices
Helmet, CORS, rate limiting, input sanitization, SQL injection, XSS, CSRF
1. What is Helmet in the context of NestJS?
Answer
Helmet is middleware that automatically sets HTTP security headers to protect applications against common vulnerabilities. It enables headers such as X-Frame-Options, Content-Security-Policy and X-Content-Type-Options to mitigate XSS, clickjacking and MIME sniffing. Helmet is an essential production best practice for reducing the application's attack surface.
2. What is the main role of CORS in an API?
Answer
CORS (Cross-Origin Resource Sharing) controls which external origins can access API resources from a browser. Without a CORS configuration, browsers block cross-origin requests for security reasons. Configuring CORS properly prevents access errors while maintaining security. Use an explicit allowlist of permitted origins rather than allowing every domain with a wildcard.
3. What is the best approach to protect an API against brute force attacks?
Answer
Rate limiting restricts the number of requests per IP or per user over a given period, preventing automated brute force attacks. Packages such as the NestJS throttler module (@nestjs/throttler) make it easy to configure global or per-endpoint limits. Combine rate limiting with progressive strategies (temporary blocks of increasing duration) and CAPTCHA for sensitive endpoints. Rate limiting also helps protect against denial of service.
What is an XSS (Cross-Site Scripting) attack?
How to protect a NestJS application against SQL injection?
+22 interview questions
Other Node.js / NestJS interview topics
Node.js Fundamentals
Node.js Core APIs
Asynchronous Programming
Express.js Basics
NestJS Fundamentals
REST API Design
Validation & DTO
API Documentation & Contracts
Error Handling
Unit Testing
Task Scheduling
NestJS Modules & DI
Configuration & Environment Management
JWT Authentication
Authorization & RBAC
Database with TypeORM
Prisma ORM
Middleware & Interceptors
File Upload
WebSockets
GraphQL with NestJS
End-to-End Testing
Caching with Redis
Queues with Bull
DevOps, Logging & CI/CD
Docker & Containerization
Microservices
Performance & Cloud Deployment