JSConfBR - Securing Node.js App, by the community and for the community

David DiasFollow

Research Engineer at Protocol Labs

Jul. 20, 2014•0 likes•717 views

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

JSConfBR - Securing Node.js App, by the community and for the community

Check these out next

Deployment Patterns of WSO2 Identity Server

Deployment Patterns of WSO2 Identity Server

Nodejs quick start

Nodejs quick start

Testing NodeJS Security

Testing NodeJS Security

Jose Manuel Ortega Candel

Nodevember 2015

Nodevember 2015

Custom Rules & Broken Tools

Custom Rules & Broken Tools

NotSoSecure Global Services

Introduction to node js

Introduction to node js

Adventures in Underland: Is encryption solid as a rock or a handful of dust?

Adventures in Underland: Is encryption solid as a rock or a handful of dust?

Paula Januszkiewicz

JSConfBR - Securing Node.js App, by the community and for the community

Jul. 20, 2014•0 likes•717 views

Download to read offline

Engineering

JSConfBR - Securing Node.js App, by the community and for the community

David DiasFollow

Research Engineer at Protocol Labs

Recommended

Practical ZFSAll Things Open222 views•22 slides

How to secure nginx server using fail2ban on Centos-7

How to secure nginx server using fail2ban on Centos-7

How to secure nginx server using fail2ban on Centos-7Bhadreshsinh Gohil1.1K views•49 slides

BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...

BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...

BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...JosephTesta9217 views•13 slides

Container Security via Monitoring and Orchestration - Container Security Summit

Container Security via Monitoring and Orchestration - Container Security Summit

Container Security via Monitoring and Orchestration - Container Security SummitDavid Timothy Strauss1K views•17 slides

BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully

BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully

BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully BlueHat Security Conference1.8K views•53 slides

Redis fundamental

Redis fundamental

Redis fundamentalYuhao Zhang132 views•10 slides

More Related Content

Slideshows for you(20)

Deployment Patterns of WSO2 Identity Server

Deployment Patterns of WSO2 Identity Server

Deployment Patterns of WSO2 Identity Server

MifrazMurthaja•183 views

Nodejs quick start

Nodejs quick start

Nodejs quick start

Guangyao Cao•1.2K views

Testing NodeJS Security

Testing NodeJS Security

Testing NodeJS Security

Jose Manuel Ortega Candel•1.4K views

wremes•1.2K views

Nodevember 2015

Nodevember 2015

Nodevember 2015

Adam Baldwin•2.2K views

Custom Rules & Broken Tools

Custom Rules & Broken Tools

Custom Rules & Broken Tools

NotSoSecure Global Services•2.1K views

Introduction to node js

Introduction to node js

Introduction to node js

Amit Thakkar•221 views

Adventures in Underland: Is encryption solid as a rock or a handful of dust?

Adventures in Underland: Is encryption solid as a rock or a handful of dust?

Adventures in Underland: Is encryption solid as a rock or a handful of dust?

Paula Januszkiewicz•5.8K views

Ruby on Windows (uru/RubyInstaller/Devkit)

Ruby on Windows (uru/RubyInstaller/Devkit)

Ruby on Windows (uru/RubyInstaller/Devkit)

Shigeru UCHIYAMA•1K views

IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis

IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis

IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis

BGA Cyber Security•2K views

Security Basics For Developers Knowledge

Security Basics For Developers Knowledge

Security Basics For Developers Knowledge

Siva Sankar•64 views

BlueHat v17 || Securing Windows Defender Application Guard

BlueHat v17 || Securing Windows Defender Application Guard

BlueHat v17 || Securing Windows Defender Application Guard

BlueHat Security Conference•2.4K views

Insecurity-In-Security version.2 (2011)

Insecurity-In-Security version.2 (2011)

Insecurity-In-Security version.2 (2011)

Abhishek Kumar•767 views

Create a RESTful API with NodeJS, Express and MongoDB

Create a RESTful API with NodeJS, Express and MongoDB

Create a RESTful API with NodeJS, Express and MongoDB

Hengki Sihombing•927 views

How to survive in the work from home era

How to survive in the work from home era

How to survive in the work from home era

Marian Marinov•99 views

Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf

Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf

Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf

drewz lin•1.6K views

BlueHat v17 || Down the Open Source Software Rabbit Hole

BlueHat v17 || Down the Open Source Software Rabbit Hole

BlueHat v17 || Down the Open Source Software Rabbit Hole

BlueHat Security Conference•253 views

Node.JS security

Node.JS security

Node.JS security

Deepu S Nath•1.9K views

Fluent plugin-dstat

Fluent plugin-dstat

Fluent plugin-dstat

shunsuke Mikami•1.6K views

rsa_usa_2019_paula_januszkiewicz

rsa_usa_2019_paula_januszkiewicz

rsa_usa_2019_paula_januszkiewicz

ZuzannaKornecka•860 views

Similar to JSConfBR - Securing Node.js App, by the community and for the community (20)

Real World Lessons on the Pain Points of Node.js Applications

Real World Lessons on the Pain Points of Node.js Applications

Real World Lessons on the Pain Points of Node.js Applications

Ben Hall•870 views

Node Day - Node.js Security in the Enterprise

Node Day - Node.js Security in the Enterprise

Node Day - Node.js Security in the Enterprise

Adam Baldwin•8.1K views

Continuous Security: From tins to containers - now what!

Continuous Security: From tins to containers - now what!

Continuous Security: From tins to containers - now what!

Michael Man•458 views

Docker Security workshop slides

Docker Security workshop slides

Docker Security workshop slides

Docker, Inc.•5.2K views

SE2016 Android Denis Zhuchinski "Ways of enhancing application security"

SE2016 Android Denis Zhuchinski "Ways of enhancing application security"

SE2016 Android Denis Zhuchinski "Ways of enhancing application security"

Inhacking•247 views

Denis Zhuchinski Ways of enhancing application security

Denis Zhuchinski Ways of enhancing application security

Denis Zhuchinski Ways of enhancing application security

Аліна Шепшелей•110 views

Reversing & malware analysis training part 12 rootkit analysis

Reversing & malware analysis training part 12 rootkit analysis

Reversing & malware analysis training part 12 rootkit analysis

Abdulrahman Bassam•1.4K views

Kubernetes Summit 2019 - Harden Your Kubernetes Cluster

Kubernetes Summit 2019 - Harden Your Kubernetes Cluster

Kubernetes Summit 2019 - Harden Your Kubernetes Cluster

smalltown •1.6K views

Getting started with developing Nodejs

Getting started with developing Nodejs

Getting started with developing Nodejs

Phil Hawksworth•2.6K views

AppSec California 2016 - Making Security Agile

AppSec California 2016 - Making Security Agile

AppSec California 2016 - Making Security Agile

Oleg Gryb•932 views

Serverless security: defence against the dark arts

Serverless security: defence against the dark arts

Serverless security: defence against the dark arts

Yan Cui•875 views

NodeJS guide for beginners

NodeJS guide for beginners

NodeJS guide for beginners

Enoch Joshua•1.1K views

Sqldata 21 dezembro

Sqldata 21 dezembro

Sqldata 21 dezembro

Pedro Martins•260 views

luis_lmro•540 views

Node.js Build, Deploy and Scale Webinar

Node.js Build, Deploy and Scale Webinar

Node.js Build, Deploy and Scale Webinar

jguerrero999•620 views

Positive Technologies - S4 - Scada under x-rays

Positive Technologies - S4 - Scada under x-rays

Positive Technologies - S4 - Scada under x-rays

qqlan•5.6K views

IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...

IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...

IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...

APNIC•323 views

Real World Lessons on the Pain Points of Node.JS Application

Real World Lessons on the Pain Points of Node.JS Application

Real World Lessons on the Pain Points of Node.JS Application

Ben Hall•686 views

Security in serverless world

Security in serverless world

Security in serverless world

Yan Cui•1.4K views

Pentesting iOS Apps

Pentesting iOS Apps

Pentesting iOS Apps

Herman Duarte•3.3K views

More from David Dias(10)

Enter Gossipsub, A scalable, extensible & hardened P2P PubSub Router protocol

Enter Gossipsub, A scalable, extensible & hardened P2P PubSub Router protocol

Enter Gossipsub, A scalable, extensible & hardened P2P PubSub Router protocol

David Dias•431 views

browserCloud.js - David Dias M.Sc Thesis Defense Deck

browserCloud.js - David Dias M.Sc Thesis Defense Deck

browserCloud.js - David Dias M.Sc Thesis Defense Deck

David Dias•147 views

IPWB and IPFS at WAC2017

IPWB and IPFS at WAC2017

IPWB and IPFS at WAC2017

David Dias•301 views

RDM#2- The Distributed Web

RDM#2- The Distributed Web

RDM#2- The Distributed Web

David Dias•960 views

Node.js Interactive

Node.js Interactive

Node.js Interactive

David Dias•1.4K views

Understanding The Community Lifecycle

Understanding The Community Lifecycle

Understanding The Community Lifecycle

David Dias•724 views

P2P Resource Discovery for the Browser

P2P Resource Discovery for the Browser

P2P Resource Discovery for the Browser

David Dias•1.2K views

Lisboa WebRTC - May 21, 2015 - Intro to WebRTC

Lisboa WebRTC - May 21, 2015 - Intro to WebRTC

Lisboa WebRTC - May 21, 2015 - Intro to WebRTC

David Dias•760 views

Resource Discovery for the Web Platform using a P2P Overlay Network with WebR...

Resource Discovery for the Web Platform using a P2P Overlay Network with WebR...

Resource Discovery for the Web Platform using a P2P Overlay Network with WebR...

David Dias•559 views

TriConf 2014 - LXJS, the Lisbon Javascript Conference

TriConf 2014 - LXJS, the Lisbon Javascript Conference

TriConf 2014 - LXJS, the Lisbon Javascript Conference

David Dias•1.2K views

Recently uploaded(20)

Jingle bell.pdf

Jingle bell.pdf

Jingle bell.pdf

VAIBHAVSAHU55•0 views

LavanyaVaishnavi2•0 views

reactive_dye.ppt

reactive_dye.ppt

reactive_dye.ppt

Gurumurthy B R•0 views

STAAD PRO CONNECT EDITION (SUMMER INTERNSHIP TRAINING)

STAAD PRO CONNECT EDITION (SUMMER INTERNSHIP TRAINING)

STAAD PRO CONNECT EDITION (SUMMER INTERNSHIP TRAINING)

VishalKumar65606•0 views

landscaping companies in uae.pdf

landscaping companies in uae.pdf

landscaping companies in uae.pdf

RomanyLandscape•0 views

Polyiisoprene.pptx

Polyiisoprene.pptx

Polyiisoprene.pptx

Luis Tormento•0 views

literature-review (1).ppt

literature-review (1).ppt

literature-review (1).ppt

Gurumurthy B R•0 views

2011Sulowski_Pres.pdf

2011Sulowski_Pres.pdf

2011Sulowski_Pres.pdf

DeSouzaSoluesemSegur•0 views

LTV A-7D Corsair II Mechanical Accessories Systems.pdf

LTV A-7D Corsair II Mechanical Accessories Systems.pdf

LTV A-7D Corsair II Mechanical Accessories Systems.pdf

TahirSadikovi•0 views

FIDIC Lecture - EOT & Related Costs in Construction.pptx

FIDIC Lecture - EOT & Related Costs in Construction.pptx

FIDIC Lecture - EOT & Related Costs in Construction.pptx

Jeff747294•0 views

Cost-effective architecture of decoder circuits and futuristic scope in the e...

Cost-effective architecture of decoder circuits and futuristic scope in the e...

Cost-effective architecture of decoder circuits and futuristic scope in the e...

VIT-AP University•0 views

E680230530_12J2.pdf

E680230530_12J2.pdf

E680230530_12J2.pdf

IvanS64•0 views

alaakaraja1•0 views

09_Gasoline_Upgrading.pdf

09_Gasoline_Upgrading.pdf

09_Gasoline_Upgrading.pdf

ssusercdc64f•0 views

McDonnell Model 220 Airplane Flight Manual.pdf

McDonnell Model 220 Airplane Flight Manual.pdf

McDonnell Model 220 Airplane Flight Manual.pdf

TahirSadikovi•0 views

kidney stones.pptx

kidney stones.pptx

kidney stones.pptx

ArunKumarP478781•0 views

MTCcorp - Aerospace Capabilities

MTCcorp - Aerospace Capabilities

MTCcorp - Aerospace Capabilities

MTCcorpMarketing•0 views

Scientific billiards. Garnier's practice shots, with hints to amateurs ( PDFD...

Scientific billiards. Garnier's practice shots, with hints to amateurs ( PDFD...

Scientific billiards. Garnier's practice shots, with hints to amateurs ( PDFD...

MuhammadUsman Usman•0 views

Types of Biosensors

Types of Biosensors

Types of Biosensors

Shubham Chavanke•0 views

presentation.pptx

presentation.pptx

presentation.pptx

shamaaslam3•0 views

JSConfBR - Securing Node.js App, by the community and for the community

Securing Node.js apps, by the community and for the community
Hi, I’m David
Hi, I’m David @ diasdavid
Hi, I’m David @diasdavid
Direct Flight Image
Node Security Project
Security before node
Input Validation Output Validation Error Handling Authentication and Authorization Session Management Secure Communications Secure Resource Access Segregation of privileges Secure Storage
You are responsible for what you require()
What has changed?
What has changed? you
http://nodeschool.io
Node Security Project
npm install all the things
npm install fs
npm install socketio
~/analyzer$ node print.js ./output/output.json buffer: 604 child_process: 2867 dgram: 836 dns: 674 fs: 15036 http: 12084 https: 2819 os: 1311 readline: 909 string_decoder: 65 timers: 230 tty: 335 vm: 354
404
New Process
Resources that you can use today
https://nodesecurity.io/resources
Advisories
npm shrinkwrap /validate/shrinkwrap /validate/:module_name/:version POST GET
npm shrinkwrap example curl -X POST https://nodesecurity.io/ validate/shrinkwrap -d @npm- shrinkwrap.json -H "content-type: application/json"
nsp cli $ npm i nsp -g $ npm shrinkwrap $ nsp shrinkwrap
node goat https://github.com/owasp/nodegoat
Thank you! @daviddias | @LiftSecurity | @nodeSecurity