JSConfBR - Securing Node.js App, by the community and for the community


  1. Securing Node.js apps, by the community and for the community
  2. Hi, I’m David
  3. Hi, I’m David @diasdavid
  4. Hi, I’m David @diasdavid
  5. Direct Flight Image
  6. Node Security Project
  7. Security before node
  8. Input Validation, Output Validation, Error Handling, Authentication and Authorization, Session Management, Secure Communications, Secure Resource Access, Segregation of privileges, Secure Storage
  9. You are responsible for what you require()
  10. What has changed?
  11. What has changed? you
  12. http://nodeschool.io
  13. Node Security Project
  14. npm install all the things
  15. npm install fs
  16. npm install socketio
  17. ~/analyzer$ node print.js ./output/output.json
      buffer: 604
      child_process: 2867
      dgram: 836
      dns: 674
      fs: 15036
      http: 12084
      https: 2819
      os: 1311
      readline: 909
      string_decoder: 65
      timers: 230
      tty: 335
      vm: 354
  18. 404
  19. New Process
  20. Resources that you can use today
  21. https://nodesecurity.io/resources
  22. Advisories
  23. npm shrinkwrap
      POST /validate/shrinkwrap
      GET /validate/:module_name/:version
  24. npm shrinkwrap example
      curl -X POST https://nodesecurity.io/validate/shrinkwrap -d @npm-shrinkwrap.json -H "content-type: application/json"
  25. nsp cli
      $ npm i nsp -g
      $ npm shrinkwrap
      $ nsp shrinkwrap
  26. node goat https://github.com/owasp/nodegoat
  27. Thank you! @daviddias | @LiftSecurity | @nodeSecurity
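
Added example, not from the slides or from the Node Security Project: a sketch of what has to happen to an `npm-shrinkwrap.json` before each pinned module can be checked with the per-module path on slide 23, plus a check for dependencies named like a Node core module (the `npm install fs` slide). The sample tree, the function names, the nested shrinkwrap layout and the URL-encoding of names are assumptions; the core-module list is the one printed on slide 17.

```javascript
'use strict';

// Core module names as printed by the analyzer on slide 17.
const CORE_MODULES = new Set(['buffer', 'child_process', 'dgram', 'dns', 'fs',
  'http', 'https', 'os', 'readline', 'string_decoder', 'timers', 'tty', 'vm']);

// Constructed sample; assumes the nested "dependencies" layout of npm-shrinkwrap.json.
const sampleShrinkwrap = {
  name: 'demo-app',
  version: '1.0.0',
  dependencies: {
    express: {
      version: '4.0.0',
      dependencies: { qs: { version: '0.6.6' } }
    },
    fs: { version: '0.0.2' },
    qs: { version: '0.6.6' }
  }
};

// Walk the whole tree (transitive dependencies included) and return one
// { name, version, path } entry per unique name@version pair.
function flattenShrinkwrap(tree, seen = new Map()) {
  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    const key = `${name}@${info.version}`;
    if (!seen.has(key)) {
      seen.set(key, {
        name,
        version: info.version,
        // Path shape from slide 23: /validate/:module_name/:version
        path: `/validate/${encodeURIComponent(name)}/${encodeURIComponent(info.version)}`
      });
    }
    flattenShrinkwrap(info, seen); // recurse into nested dependencies
  }
  return [...seen.values()];
}

// Names of registry packages that collide with a Node core module name.
function shadowsCore(entries) {
  return entries.filter((e) => CORE_MODULES.has(e.name)).map((e) => e.name);
}

const entries = flattenShrinkwrap(sampleShrinkwrap);
for (const e of entries) console.log(`GET ${e.path}`);
console.log('named like a core module:', shadowsCore(entries));
```

A dependency that shares a core module's name is worth reviewing by hand: `require('fs')` resolves to the built-in, so the installed package of the same name is code that was pulled in without being what the author meant to use.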
