Understanding the most common attacks against Node.js applications, and practicing against them, makes them easier to prevent. The following attacks are commonly employed by hackers in the ecosystem:
- ReDoS (Regular Expression Denial of Service)
- Directory Traversal
- Brute force (when there are no limits or checks; it can be coupled with a dictionary attack if your system indicates whether an email address is in use or not).
- SQL injection (also possible with MongoDB, etc.; don't assume you're safe, and dig into the subject).
As a bonus, I recommend that you consult the top 10 attacks listed by OWASP.
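
For the directory traversal item in the list above, here is an added example (not from the original guide) of a containment check for user-supplied file paths in Node.js. `PUBLIC_ROOT`, `resolveInside` and the sample inputs are constructed for illustration, and the input is assumed to be the raw, still percent-encoded value.

```javascript
'use strict';
const path = require('node:path');

// Hypothetical base directory for this example; nothing is read from disk.
const PUBLIC_ROOT = '/srv/app/public';

/**
 * Resolve a user-supplied relative path inside `root`.
 * Returns the absolute path, or null when the request must be rejected.
 * path.posix is used so results are identical on every platform.
 */
function resolveInside(root, userPath) {
  if (typeof userPath !== 'string' || userPath.length === 0) return null;

  // Decode exactly once; malformed percent-escapes are rejected.
  let decoded;
  try {
    decoded = decodeURIComponent(userPath);
  } catch {
    return null;
  }

  // Null bytes can truncate paths in native layers.
  if (decoded.includes('\0')) return null;

  // Treat backslashes as separators so "..\" is caught on POSIX hosts too.
  const normalized = decoded.replace(/\\/g, '/');
  if (path.posix.isAbsolute(normalized)) return null;

  const base = path.posix.resolve(root);
  const target = path.posix.resolve(base, normalized);

  // Compare by path segments, not by string prefix: a startsWith() check
  // would accept "/srv/app/public-backup" as being inside "/srv/app/public".
  const rel = path.posix.relative(base, target);
  if (rel === '' || rel === '..' || rel.startsWith('../')) return null;

  return target;
}
```

This check is purely lexical: if the served directory can contain symbolic links, also resolve the result with `fs.realpath` and repeat the containment check before opening the file.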