Before you can defend a system, you must understand how to dismantle it. This module maps the digital terrain of backend architectures and introduces the adversary's mindset.
The "Attack Surface" represents the sum of all points (vectors) where an unauthorized user can try to enter data or extract data from an environment. In modern Node.js backends, this surface is often vast and fragmented.
Backend systems are prime targets because they hold the "Crown Jewels": User Data, Business Logic, and Secrets. Unlike frontend attacks (which often affect a single user), a backend breach can compromise the entire organization.
Where do attackers look first? Typically, they hunt for configuration errors and logic flaws.
Shadow APIs (undocumented endpoints) and lack of rate limiting allow for data scraping and resource exhaustion.
Broken Object Level Authorization (BOLA/IDOR) allows User A to access User B's resources by changing an ID in the URL.
Injection flaws (SQLi, NoSQLi) occur when untrusted data is sent to an interpreter as part of a command.
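The BOLA/IDOR and injection points above, shown side by side in code. This is an added example, not code from the module: a Node.js order-lookup handler that trusts the ID in the URL, next to a hardened version that validates the ID (the `typeof` check also rejects the object-shaped payloads that drive NoSQL operator injection) and enforces object-level authorization. The in-memory `ORDERS` map, the `makeRequest` helper and the sample users are constructed stand-ins for a database and an Express-style request, so it runs with no dependencies.

```javascript
// Added example (not from the original module): a BOLA/IDOR-prone order
// lookup next to a hardened version that enforces object-level authorization.
// ORDERS and makeRequest are constructed stand-ins for a database and an
// Express-style request object.

// Constructed sample data: two users, each owning one order.
const ORDERS = new Map([
  ["1001", { id: "1001", ownerId: "alice", total: 42.5 }],
  ["1002", { id: "1002", ownerId: "bob", total: 17.0 }],
]);

// Vulnerable: trusts the ID from the URL and never checks who owns the record.
// Any authenticated user can read any order simply by changing the ID.
function getOrderVulnerable(req) {
  const order = ORDERS.get(req.params.id);
  if (!order) return { status: 404, body: { error: "not found" } };
  return { status: 200, body: order };
}

// Only plain numeric strings are acceptable IDs. Together with the typeof
// check below this rejects objects such as { "$gt": "" }, the shape used for
// NoSQL operator injection when a query builder receives raw request input.
const ID_PATTERN = /^[0-9]{1,12}$/;

// Hardened: require an authenticated subject, validate the ID shape, then
// compare the record's owner with the caller. A record owned by someone else
// returns 404 rather than 403 so the endpoint does not confirm that another
// user's order ID exists.
function getOrderHardened(req) {
  if (!req.user || typeof req.user.id !== "string") {
    return { status: 401, body: { error: "authentication required" } };
  }
  const id = req.params.id;
  if (typeof id !== "string" || !ID_PATTERN.test(id)) {
    return { status: 400, body: { error: "invalid id" } };
  }
  const order = ORDERS.get(id);
  if (!order || order.ownerId !== req.user.id) {
    return { status: 404, body: { error: "not found" } };
  }
  return { status: 200, body: order };
}

// Builds a request the way an Express handler would see it after an
// authentication middleware has populated req.user (null = anonymous).
function makeRequest(userId, orderId) {
  return { user: userId ? { id: userId } : null, params: { id: orderId } };
}

// Usage:
//   getOrderVulnerable(makeRequest("alice", "1002")).status  -> 200 (bob's order leaks)
//   getOrderHardened(makeRequest("alice", "1002")).status    -> 404
//   getOrderHardened(makeRequest("alice", { $gt: "" })).status -> 400
```

The ownership comparison is the actual fix for BOLA; the ID validation is a separate, cheaper control that also closes the injection shape. Keeping both in the handler (or in a shared middleware) is what an audit of the middleware chain should confirm for every endpoint that takes an object identifier.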
Security is not a product; it's a process. Threat modeling involves asking four key questions before writing a single line of code:
The Defender has to be right 100% of the time. They must secure every endpoint, every input, and every dependency.
The Attacker only has to be right once. They look for the path of least resistance.
Enterprises use frameworks like STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to categorize threats.
In a Node.js context, this means auditing middleware chains, ensuring `helmet` is configured correctly, and validating that serialization logic doesn't leak sensitive fields like `password_hash` in API responses.
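One way to make the serialization point concrete, as an added example that is not part of the module: an explicit allowlist serializer for user records, plus a key-name scan used as a last-resort check before a response is sent. `SAMPLE_USER`, `PUBLIC_USER_FIELDS` and the `SENSITIVE_KEY` pattern are constructed for this example; the hash and secret values are placeholders.

```javascript
// Added example (not from the original module): allowlist serialization for
// API responses, with a denylist scan as a secondary guard. The sample record
// and field lists are constructed for illustration.

// Constructed sample record, shaped like a user row loaded from a database.
// The password_hash and mfa_secret values are placeholders, not real secrets.
const SAMPLE_USER = {
  id: 7,
  email: "dana@example.com",
  display_name: "Dana",
  password_hash: "$2b$12$PLACEHOLDER_HASH_VALUE",
  mfa_secret: "PLACEHOLDER_SECRET",
  created_at: "2024-01-01T00:00:00Z",
};

// Fields a client is allowed to see. Anything not listed is dropped, so a
// sensitive column added to the table later is not exposed by default.
const PUBLIC_USER_FIELDS = ["id", "email", "display_name", "created_at"];

function toPublicUser(user) {
  const out = {};
  for (const key of PUBLIC_USER_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(user, key)) out[key] = user[key];
  }
  return out;
}

// Denylist used as a secondary check (not the primary control): walk the
// payload, including nested objects and arrays, and report the path of any
// key whose name suggests a credential.
const SENSITIVE_KEY = /(password|passwd|secret|token|private_key)/i;

function findSensitiveKeys(value, path = "", found = []) {
  if (Array.isArray(value)) {
    value.forEach((v, i) => findSensitiveKeys(v, `${path}[${i}]`, found));
  } else if (value && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) {
      const p = path ? `${path}.${k}` : k;
      if (SENSITIVE_KEY.test(k)) found.push(p);
      findSensitiveKeys(v, p, found);
    }
  }
  return found;
}

// Response builder an Express route would call: serialize through the
// allowlist, then refuse to send if the scan still finds something (for
// example a nested object that was copied through wholesale).
function serializeUserResponse(user) {
  const body = toPublicUser(user);
  const leaks = findSensitiveKeys(body);
  if (leaks.length > 0) {
    return { status: 500, body: { error: "response rejected by serializer" }, leaks };
  }
  return { status: 200, body, leaks: [] };
}

// Usage:
//   JSON.stringify(SAMPLE_USER)           -> includes password_hash (the leak)
//   JSON.stringify(toPublicUser(SAMPLE_USER)) -> id, email, display_name, created_at only
//   findSensitiveKeys(SAMPLE_USER)        -> ["password_hash", "mfa_secret"]
```

The allowlist is the control that matters: it fails closed when the schema grows. The denylist scan is cheap enough to run on every response in development and test, where it turns an accidental `res.json(user)` into a failing test instead of a silent leak.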
Confidential documents for further study: