# Security

### Overview

Sails and Express provide built-in, easily configurable protection against most known types of web-application-level attacks.

> **Note**: If you believe you have found a security vulnerability in Sails, please refer to our [security policy](https://sailsjs.com/security) for instructions for reporting it.


### Security topics

Learn about several different types of attacks that Node.js/Sails helps prevent out of the box, and how to enable and configure security settings in your app:

+ [CORS](https://sailsjs.com/documentation/concepts/security/cors)
+ [DDOS](https://sailsjs.com/documentation/concepts/security/ddos)
+ [CSRF](https://sailsjs.com/documentation/concepts/security/csrf)
+ [Clickjacking](https://sailsjs.com/documentation/concepts/security/clickjacking)
+ [P3P](https://sailsjs.com/documentation/concepts/security/p3p)
+ [Content Security Policy](https://sailsjs.com/documentation/concepts/security/content-security-policy)
+ [Socket hijacking](https://sailsjs.com/documentation/concepts/security/socket-hijacking)
+ [XSS](https://sailsjs.com/documentation/concepts/security/xss)
+ [Strict Transport Security](https://sailsjs.com/documentation/concepts/security/strict-transport-security)


<docmeta name="displayName" value="Security">