
NodeJS Security Expert Needed. CORS, DOS Protection, Hashing, and more

$30-250 USD

Cancelled
Posted over 5 years ago

Paid on delivery
Hi, I need a NodeJS SECURITY EXPERT to apply all security suggested to run a production server. I have many articles relating to what I'm looking for:
[login to view URL]@nodepractices/were-under-attack-23-node-js-security-best-practices-e33c146cb87d
[login to view URL]@tkssharma/secure-node-js-apps-7613973b6971
[login to view URL]
I'm looking for someone that knows this stuff and has implemented before. I'm not looking for someone trying to learn on the job :). It will help if you know Mongo/Mongoose and possibly AWS. Please put SENTRY (the error tracker I use) as the first words in your response so I know you read. Thanks
Project ID: 18615488

About the project

10 proposals
Remote project
Active 5 yrs ago

Awarded to:
SENTRY ;) I did a quick look through your code and came up with these.
Concerns:
Websockets are done over HTTP - Should be fixable in nginx config now I know how the code works [login to view URL]
Ensure security groups are correctly set up to not permit access to redis/mongo/etc. except from prod VPC
Package 'crypto' is unneeded, should be replaced with node's builtin
Package 'kleur' needs upgrading to package 'ansi-colors', should be a drop-in replacement
Sentry doesn't work because it's not the first imported middleware - It needs to go above import authMiddleware from "./middlewares/auth";
50mb size limit on picture uploads is a bit big, and should probably be ratelimited/limited total size per user. Check out how [login to view URL] is used
Auth login limits, basic bruteforce protection
DOS protection should be mainly done on the network side, but basic rate limiting can be implemented to reduce potential for abuse: [login to view URL]
Payload validation: [login to view URL]
Sensitive config (eg. salts, passwords) should be preferably stored in AWS SSM and grabbed during runtime
You've already implemented CORS, but it might be worth setting up a URL whitelist when in DEV environment to make testing easier
General code recommendations: I have a bunch but it wouldn't fit in the proposal. I'll format it properly in a word doc for you.
$100 USD in 3 days
5.0 (2 reviews)
2.5
10 freelancers are bidding on average $173 USD for this job
Hi. I am a full web developer with over 5 years on freelancer.com. I have read your description and have interests in your project. I have rich experiences in projects similar to yours. I am ready for your project now. I would like to have a discussion on chat to get more about your project. Thanks. Best Regards
$150 USD in 3 days
4.8 (28 reviews)
5.9
Hi there! May Peace Be Upon You !! I am a certified ethical hacker and pen tester. I just love hacking and breaking the rules, but don’t get me wrong as I said I am an ethical hacker. @Certified at Ethical Hacking @Certified at WEB APP SECURITY FUNDAMENTALS @Certified at Website Hacking / Penetration Testing @Certified at Cyber Security Forensics Main Skills: Penetration Testing, Web Application Security. Social Engineering, Red team assessment, Ethical Hacking & Countermeasures, Malware Analysis. I provide a variety of security services including white/black hat penetration testing, network and host auditing, Policies and Business Impact Analysis. I will do OWASP Top 10 Application Security Pentesting. A1:2017-Injection A2:2017-Broken Authentication A3:2017-Sensitive Data Exposure A4:2017-XML External Entities (XXE) A5:2017-Broken Access Control A6:2017-Security Misconfiguration A7:2017-Cross-Site Scripting (XSS) A8:2017-Insecure Deserialization A9:2017-Using Components with Known Vulnerabilities A10:2017-Insufficient Logging&Monitoring Please Contact me anytime if you are really looking forward to a quality and world-class work delivered to you. It will be a pleasure to work with you. See you online and have a great day! Warm regards, Shofiur
$250 USD in 2 days
4.9 (18 reviews)
5.3
Hello! I am very interested in your posted project. I am an Express JS, Javascript, node.js, NoSQL Couch & Mongo, Web Security expert. I am really looking for this kind of project since I have rich experience on it. I think this project is very suitable for me and I am sure I can give you a good result. If you award me your project, you will get a good result. Please call me Dmitrii. Looking forward to working with you. Thanks, regards
$155 USD in 3 days
4.6 (35 reviews)
5.6
>> SENTRY Hello, I am a Node.js security expert and can definitely help you out to apply all security suggestions to run a production server. I have referred your job description along with the articles. Also, I am experienced with MongoDB, AWS. As I have total 10+ years of experience with Node.js, React.js, AngularJS, JavaScript, PHP, Ruby on Rails, PostgreSQL, AWS, Heroku, AJAX, Bootstrap, Git, HTML, CSS, etc... technologies and based on my experience and expertise, I assure you that all your requirements will be FULFILLED with a satisfactory OUTCOME. I have worked on many enterprise-level Node.js projects with a high level of my client's satisfaction. Also, I can give you a demo over the call or during an interview. And I am really interested to discuss your project requirements thoroughly. Please open the message box to go ahead. Kindly let me know if you have any query or concern. Waiting for your response. Thanks!
$250 USD in 3 days
5.0 (5 reviews)
4.1
Dear Sir, Greeting from my side, I would like to apply for this job, and I will make it as per your requirement, as described in your Job details. As a young, dynamic, experience and talented team of software developer I would like to apply for this job, and we will deliver it as per your requirement. When you would like to discuss our next steps. Best quality and on time work is our guarantee. With warm regards & Thanks, Ashok Rathod Mxicoders
$250 USD in 7 days
5.0 (5 reviews)
4.3
SENTRY I'm interested in your project. Please send me a message so that we can discuss more. Thanks & Regards, Mohammad https://www.freelancer.com/u/LinuxGun
$150 USD in 0 days
5.0 (3 reviews)
3.4
Hi Dear, Really love to see your needful need here in Freelancer. As handled projects from scratch to floors were build teams and plans for startup development environments. I’m always keen for a long term handshake which makes me loud and clear as regards of my career growth. Please consider me for your project to build a nice relationship. Can guarantee you that you never been regret upon our business working relationship. Need a relation first rest Commercials will be discussed and negotiated later as we go on. I don't want to write generic words to get your job as I’m little strategic to think in a whole. As of my team and individual work present includes demonstrable ability to deliver projects on time, with high quality, and within budget. Please feel free for a quick chat to clear the relationship more. Advance thanks and regards
$155 USD in 3 days
0.0 (0 reviews)
0.0
Hello Sir, I have experience in nodejs applications. I can add a security module as you want. I also know about Mongo and Mongoose. I can complete your task as per your requirement. Thanks
$166 USD in 3 days
0.0 (0 reviews)
0.0

About the client

San Diego, United States
5.0
23
Payment method verified
Member since Jun 8, 2016
