Conversation

@lmammino lmammino commented Feb 2, 2026

Summary

Adds a comprehensive guide on preventing path traversal attacks in Node.js applications. This article establishes a new Security content pillar for the blog.

  • New article: "Node.js Path Traversal: Prevention & Security Guide" (/blog/nodejs-path-traversal-security)
  • ~6,500 words covering attack vectors, defense patterns, and testing strategies
  • Includes working code examples for secure file servers (vanilla Node.js + Express.js)
  • References real-world CVEs (Apache, Rails, npm packages, Node.js itself)
  • Updated content calendar to include Security as a 4th content pillar

Article Highlights

  • Quick Answer section with copy-paste safeResolve() utility
  • Attack vectors covered: basic traversal, URL encoding, double encoding, null bytes, Windows paths, UNC paths, symlinks
  • Defense patterns: input decoding, path canonicalization, boundary checking, TOCTOU mitigation
  • Framework integration: Express.js example with res.sendFile()
  • Testing suite: Node.js built-in test runner examples + penetration testing checklist
  • Monitoring & incident response: logging patterns and response procedures

SEO Considerations

  • Primary keyword: "node js path traversal" (est. 1,000+ monthly searches)
  • 6 FAQ items for schema markup / featured snippets
  • Internal links to existing content (file operations guide, race conditions, installing Node.js)
  • Backlink from Reading/Writing Files guide already in place

Content Calendar Updates

  • Added "Node.js Security" as 4th content pillar
  • Added Month 9-10 security roadmap with 3 future articles:
    • Input Validation in Node.js
    • Secure File Uploads
    • OWASP Top 10 for Node.js
  • Updated internal linking map with security cluster structure

@lmammino lmammino merged commit 4010da1 into main Feb 2, 2026
1 check passed