Explore the security landscape of Node.js in this 42-minute conference talk from AppSecEU 2015 in Amsterdam. Delve into the architecture, potential vulnerabilities, and attack vectors specific to Node.js applications. Learn about CPU-intensive code risks, web server vulnerabilities, and third-party component threats. Examine real-world examples, including random number prediction and rainbow table attacks, with a live demonstration. Investigate MongoDB security concerns, user authentication issues, and routing stack vulnerabilities. Gain insights into defending against malicious attacks and implementing proper security measures for Node.js applications.
The Node.js Highway - Attacks Are At Full Throttle
Overview
Syllabus
Introduction
Agenda
Architecture
NoJS
CPU Intensive Code
Nodejs Web Server
ThirdParty Components
Example
Random Number Prediction
Rainbow Tables
Demo
MongoDB
Document
User Find
NoJS vs Evil
NoJS routing stack
Add method
Add page
Route stack
No tracking
Taught by
OWASP Foundation
