Writing Secure Node Code

[grnd]

Title

Writing Secure Node Code

Description

Some of the very things that make JavaScript awesome can also expose it to security risks. This talk will go through some sample security flaws unique to Node’s async nature and surrounding ecosystem (or especially relevant to it). We'll show how these could occur in your own code or in npm dependencies.

The talk will revolve around a sample vulnerable application, Goof, which we will exploit as an attacker would. For each issue, we'll explain why it happened, show its impact, and – most importantly – see how to avoid or fix it.

Learning objectives

Getting familiar with common vulnerabilities and the ways to avoid them.

City of residence

Tel Aviv, Israel