Web Application Security
Security best practices and vulnerability prevention.
OWASP Top 10
1. Injection (SQL, NoSQL, Command)
```javascript
// BAD: SQL Injection
const query = `SELECT * FROM users WHERE email = '${email}'`;
db.query(query);
```

```javascript
// GOOD: Parameterized queries
const query = 'SELECT * FROM users WHERE email = ?';
db.query(query, [email]);
```

```javascript
// GOOD: Using ORM
const user = await User.findOne({ where: { email } });
```
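Placeholders bind values only, so a sort column, sort direction or other keyword cannot be passed as `?` and is often concatenated back into the query. The following added example (not part of the original page; the function name, column list and row limit are hypothetical) keeps the `?` style used above and allowlists the parts that cannot be bound:

```javascript
// Added example: builds a parameterized query whose ORDER BY column and
// direction come from fixed allowlists. The users table columns listed
// here are assumptions made for illustration.
const SORTABLE_COLUMNS = new Set(['email', 'created_at', 'last_login']);
const DIRECTIONS = new Set(['ASC', 'DESC']);
const MAX_LIMIT = 100;

function buildUserSearch({ email, sortBy = 'created_at', direction = 'ASC', limit = 20 } = {}) {
  // Bind only primitive strings: request bodies parsed from JSON can carry
  // objects or arrays, and some drivers expand those into extra SQL fragments.
  if (typeof email !== 'string') {
    throw new TypeError('email must be a string');
  }

  // Identifiers cannot be bound as parameters, so accept only known columns.
  if (!SORTABLE_COLUMNS.has(sortBy)) {
    throw new RangeError('sortBy is not a sortable column');
  }

  // Keywords cannot be bound either; normalize the case, then allowlist.
  const dir = String(direction).toUpperCase();
  if (!DIRECTIONS.has(dir)) {
    throw new RangeError('direction must be ASC or DESC');
  }

  // LIMIT is a value, so it is bound, but it is still range-checked.
  const rows = Number(limit);
  if (!Number.isInteger(rows) || rows < 1 || rows > MAX_LIMIT) {
    throw new RangeError(`limit must be an integer from 1 to ${MAX_LIMIT}`);
  }

  return {
    // Only allowlisted constants are interpolated into the SQL text.
    text: `SELECT id, email FROM users WHERE email = ? ORDER BY ${sortBy} ${dir} LIMIT ?`,
    values: [email, rows],
  };
}

// Constructed sample input: the quote characters stay inside the bound value.
const sample = buildUserSearch({
  email: "a@example.com' OR '1'='1",
  sortBy: 'email',
  direction: 'desc',
  limit: 10,
});
console.log(sample.text, sample.values);
```

The returned pair is passed to the driver in the same form as above: `db.query(sample.text, sample.values)`.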