Explore Node.js security considerations and best practices in this 56-minute conference talk by Ilya Verbitskiy at NDC Conferences. Gain insights into the growing cybersecurity challenges faced by companies in the digital age. Learn about Node.js and Express.js security overviews, cryptography, and how to protect your applications from common vulnerabilities. Discover methods to prevent OWASP Top 10 threats in Node.js/Express.js applications, implement proper authentication and logging, and utilize security middleware. Understand the importance of careful NPM package selection and explore tools to enhance application security. Cover topics such as cross-site scripting (XSS), CSRF, sensitive data exposure, JavaScript cryptography, secure password storage, and file upload security. Equip yourself with the knowledge to build more secure Node.js applications in an increasingly vulnerable digital landscape.
Overview
Syllabus
Intro
TOP 2 VULNERABILITIES
BUG FIXING COST
UNVALIDATED REDIRECTS AND FORWARDS
USING COMPONENTS WITH KNOWN VULNERABILITIES
HOW TO CHOOSE NPM PACKAGES?
CROSS-SITE REQUEST FORGERY (CSRF)
MISSING FUNCTION LEVEL ACCESS CONTROL
SENSITIVE DATA EXPOSURE
CAN I PREVENT SNIFFING?
JAVASCRIPT CRYPTOGRAPHY
SECURITY MISCONFIGURATION
INSECURE DIRECT OBJECT REFERENCES
CROSS-SITE SCRIPTING (XSS)
NODE.JS AUTHENTICATION
NODE.JS ACCESS CONTROL
SESSIONS
SECURE PASSWORDS STORAGE
JAVASCRIPT INJECTION
COMMAND INJECTION
FILE UPLOAD SECURITY
TRY IT YOURSELF
QUESTIONS?
Taught by
NDC Conferences
