To summarize, we learned how to create a simple RESTful server using Express.js and Node.js. At the same time, we have seen how to effectively inject malicious JavaScript using very simple observation techniques. This chapter also demonstrates cross-origin requests that expose a CSRF vulnerability. Most importantly, you might have noticed that security loopholes are typically a combination of both frontend and server-side loopholes: both hands need to clap in order for security issues to occur.