3

Sails and Express provide built-in, easily configurable protection against most known types of web-application-level attacks.

http://sailsjs.org/documentation/concepts/security

Does that mean that using AngularJS, Express, MongoDB without Sails or similar helpers I need to handle those security scenarios by hand? And probably when I am not aware of them, my app could be vulnerable to some attacks?

userbb

1 Answer

1

Does that mean that using AngularJS, Express, MongoDB without Sails or similar helpers I need to handle those security scenarios by hand?

Yes. Sails provides the solutions, but you still need to use them. Configuration is necessary because security concerns vary from application to application. What Sails gives you is the implementation of the avoidance techniques, i.e. all the major work. What you need to do is choose which of those techniques are relevant to your application and how exactly you wish to use them. Normally, it is as simple as setting a variable to true or false.

And probably when I am not aware of them, my app could be vulnerable to some attacks?

Definitely. Every app/site is vulnerable. The question is almost rhetorical. Awareness is the primary requirement for mitigation/avoidance. Remember that no amount of security is ever enough. But it doesn't hurt to use additional security if you get it for free. Especially since there's very little work required in setting it up. Of course, this needs to be complemented by good programming.

Good luck!

galactocalypse
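To show what handling one of these protections "by hand" involves in plain Express-style middleware, here is an added example (not part of the question or answer above, and not Sails code) of a CSRF token check plus an anti-clickjacking header. The `x-csrf-token` header name, the `req.session` object shape, and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Methods that should never change state and therefore skip the token check.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Hypothetical helper: create one random token per session. The page (or the
// Angular client) must send it back in the x-csrf-token header on every write.
function issueCsrfToken(session) {
  if (!session.csrfToken) {
    session.csrfToken = crypto.randomBytes(32).toString('hex');
  }
  return session.csrfToken;
}

// Constant-time comparison, so response timing does not reveal how much of
// a guessed token was correct.
function tokensMatch(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Express-style middleware (req, res, next): reject state-changing requests
// that do not carry the token bound to the caller's session.
function csrfProtection(req, res, next) {
  if (SAFE_METHODS.has(req.method)) return next();
  const expected = req.session && req.session.csrfToken;
  const supplied = req.headers['x-csrf-token'];
  if (!tokensMatch(expected, supplied)) {
    res.statusCode = 403;
    return res.end('invalid CSRF token');
  }
  next();
}

// Clickjacking mitigation: forbid framing of responses by other origins.
function frameGuard(req, res, next) {
  res.setHeader('X-Frame-Options', 'SAMEORIGIN');
  next();
}
```

Both functions have the standard middleware signature, so they can be registered with `app.use(...)` after whatever session middleware populates `req.session`.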