JSConfBR - Securing Node.js App, by the community and for the community
David Dias
1.
Securing Node.js apps, by the community and for the community
2.
Hi, I’m David
3.
Hi, I’m David @
diasdavid
4.
Hi, I’m David @diasdavid
5.
6.
Direct Flight Image
7.
8.
9.
Node Security Project
10.
Security before node
11.
Input Validation
Output Validation
Error Handling
Authentication and Authorization
Session Management
Secure Communications
Secure Resource Access
Segregation of privileges
Secure Storage
12.
You are responsible for what you require()
13.
What has changed?
14.
What has changed? you
15.
http://nodeschool.io
16.
Node Security Project
17.
18.
npm install all the things
19.
npm install fs
20.
npm install socketio
21.
~/analyzer$ node print.js ./output/output.json
buffer: 604
child_process: 2867
dgram: 836
dns: 674
fs: 15036
http: 12084
https: 2819
os: 1311
readline: 909
string_decoder: 65
timers: 230
tty: 335
vm: 354
22.
404
23.
24.
New Process
25.
26.
27.
28.
29.
30.
31.
32.
Resources that you can use today
33.
https://nodesecurity.io/resources
34.
Advisories
35.
npm shrinkwrap
POST /validate/shrinkwrap
GET /validate/:module_name/:version
36.
npm shrinkwrap example
curl -X POST https://nodesecurity.io/validate/shrinkwrap -d @npm-shrinkwrap.json -H "content-type: application/json"
37.
nsp cli
$ npm i nsp -g
$ npm shrinkwrap
$ nsp shrinkwrap
38.
node goat https://github.com/owasp/nodegoat
39.
Thank you! @daviddias | @LiftSecurity | @nodeSecurity